CVE-2025-63757

CVSS 7.5 HIGH

📋 TL;DR

An integer overflow vulnerability in FFmpeg's libswscale component allows attackers to cause heap corruption when processing specially crafted YUV video files. This affects any application using FFmpeg 8.0 for video processing or conversion. The vulnerability could lead to denial of service or potentially remote code execution.

💻 Affected Systems

Products:
  • FFmpeg
  • Applications using FFmpeg libraries
  • Media processing tools built on FFmpeg
Versions: FFmpeg 8.0
Operating Systems: All platforms running FFmpeg (Linux, Windows, macOS, BSD)
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using FFmpeg's libswscale component for YUV format conversion is vulnerable when processing untrusted video files.

📦 What is this software?

FFmpeg is the open-source multimedia framework behind a large share of the world's video players, transcoders and upload pipelines. It ships as a command-line tool plus a set of libraries; libswscale is the library that scales frames and converts between pixel formats and colour spaces (between YUV layouts, or YUV to RGB), so it runs on almost every transcode, thumbnail or resize job. Because it is linked into so many other products, a bug here reaches far beyond the ffmpeg binary itself.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution inside the FFmpeg process: the attacker runs arbitrary code with that process's privileges. Where FFmpeg runs as root, unsandboxed, or on the same host as other tenants' data, that amounts to full compromise of the server.

🟠

Likely Case

Application crash (denial of service) when processing malicious video files, potentially disrupting video processing services or media applications.

🟢

If Mitigated

A contained crash and nothing more: the job fails inside an unprivileged, sandboxed worker, and the attacker gains neither code execution on the host nor access to other jobs' data.

🌐 Internet-Facing: MEDIUM - Many web applications use FFmpeg for video processing of user-uploaded content, making exploitation possible through file uploads.
🏢 Internal Only: LOW - Internal systems typically process trusted media files, reducing attack surface unless processing user-generated content.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

The public proof of concept (a GitHub gist) demonstrates a crash. Turning the heap corruption into code execution would need additional heap grooming on the target, which the PoC does not attempt, so treat it as a reliable denial of service today and as an RCE risk for high-value targets.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: FFmpeg 8.1 or later

Vendor Advisory: https://ffmpeg.org/security.html

Restart Required: Yes

Instructions:

1. Update FFmpeg to version 8.1 or later. If you rely on distribution packages, install the distributor's patched build; it may keep an 8.0 version string, so go by the distro advisory rather than the banner.
2. Rebuild applications that link libswscale statically or bundle their own copy of FFmpeg; applications that link the shared library pick up the fix on restart.
3. Restart every service that has libswscale loaded, including long-running workers started before the update.

🔧 Temporary Workarounds

Disable YUV processing for untrusted files

Platform: all

Configure applications to reject or skip YUV format processing for untrusted input files. In practice this is rarely feasible: almost all decoded video is YUV, and libswscale runs whenever a pipeline scales, converts pixel formats or generates thumbnails, so this only helps for narrow workloads where the conversion path can genuinely be avoided.

Run FFmpeg in sandboxed environment

Platform: linux

Execute FFmpeg with reduced privileges using containerization or sandboxing. A minimal invocation follows; the image name ffmpeg is whatever image you build (assumed to have ffmpeg as its entrypoint), the output directory must be writable by the nobody user, and the memory and process caps are starting points to tune:

docker run --rm --network none --cap-drop ALL --security-opt=no-new-privileges --memory 2g --pids-limit 64 \
  -u nobody -v "$PWD/in:/in:ro" -v "$PWD/out:/out" ffmpeg -i /in/untrusted.mkv /out/safe.mp4

🧯 If You Can't Patch

  • Implement strict input validation to reject malformed video files before FFmpeg processing. Cheap checks (expected container and codec, sane dimensions, file-size caps, a media probe that exits non-zero) cut the attack surface but cannot be relied on to catch a crafted trigger, since validators do not model the arithmetic that overflows inside libswscale.
  • Run FFmpeg processes with minimal privileges and in isolated environments, one job per sandbox, with CPU and memory limits so a crash or runaway conversion stays a single failed job.
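The sandboxing workaround above and the "run with minimal privileges" advice both come down to the same job-runner discipline: cap the job, let it die, and classify how it died instead of letting the failure take the worker with it. The following wrapper is an added example (not the advisory's or FFmpeg's own code). It assumes the caller already runs as an unprivileged user or inside the container shown above, and the CPU and memory caps are placeholders to tune for real workloads.

```shell
#!/bin/sh
# Run an ffmpeg job on untrusted input under per-job limits and classify the outcome,
# so a crash stays a contained job failure rather than taking down the worker.
# Added example, not the advisory's own code. Assumptions: the caller already runs as an
# unprivileged user (or inside the container from the workaround above), and the CPU
# and memory caps are placeholders to tune for real workloads.

# classify_status EXIT_STATUS -> label. 128+N means the process died from signal N.
classify_status() {
    case "$1" in
        0)   echo ok ;;
        134) echo abort ;;       # SIGABRT: glibc heap checks (malloc(): corrupted ...) fired
        137) echo killed ;;      # SIGKILL: OOM killer or hard memory limit
        139) echo segfault ;;    # SIGSEGV: typical result of heap corruption like this CVE's
        152) echo cpu-limit ;;   # SIGXCPU: ulimit -t exceeded
        *)   echo "error-$1" ;;  # ordinary non-zero exit (bad input, unsupported codec, ...)
    esac
}

# run_limited CPU_SECONDS MEM_KB COMMAND...   (MEM_KB may be "unlimited")
run_limited() {
    cpu_sec=$1; mem_kb=$2; shift 2
    status=0
    (
        ulimit -t "$cpu_sec"                    # CPU time cap: stops runaway loops
        ulimit -v "$mem_kb" 2>/dev/null || :    # address-space cap where the shell supports -v
        exec "$@"
    ) </dev/null >/dev/null 2>&1 || status=$?   # real deployments should keep stderr in a log
    classify_status "$status"
}

# Typical call (paths and limits are placeholders):
#   run_limited 120 2000000 ffmpeg -nostdin -i /in/untrusted.mkv -c:v libx264 /out/safe.mp4
```

The label is what the job queue records and what the detection rules later in this page key on; a segfault or abort on a freshly uploaded file is the signal worth alerting on, while error-N is routine bad input.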

🔍 How to Verify

Check if Vulnerable:

Check the FFmpeg version with ffmpeg -version | head -n 1 (the banner reads "ffmpeg version 8.0 ..." in lower case, so grepping for 'FFmpeg version' matches nothing); 8.0 is the affected release. Distribution packages may carry the fix under an 8.0 version string, so check the distro advisory as well.

Check Version:

ffmpeg -version | head -n 1

Verify Fix Applied:

Verify the banner reports 8.1 or later: ffmpeg -version | head -n 1. For applications that bundle or statically link their own copy of FFmpeg, check which libswscale is actually loaded (on Linux: ldd /path/to/app | grep swscale); updating the system ffmpeg does not fix a bundled copy.
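Version banners vary between release builds, git-tag builds (n8.1-...) and snapshot builds (N-120000-g...), so a one-line grep is easy to get wrong. The script below is an added example, not part of the advisory: it classifies a banner against the affected and fixed versions stated on this page, and treats a distribution backport as something the operator must confirm separately, since the version string alone cannot prove the fix is present.

```shell
#!/bin/sh
# Classify an "ffmpeg -version" banner against CVE-2025-63757 (FFmpeg 8.0 affected, 8.1+ fixed).
# Added example, not part of the advisory. Assumption: distribution packages may backport
# the fix without changing the version string, so "vulnerable" means "reports 8.0; confirm
# against your distributor's advisory", not a definitive verdict.

# ffmpeg_status BANNER -> vulnerable | fixed | unlisted | unknown
ffmpeg_status() {
    banner=$1
    # Release builds:  "ffmpeg version 8.0 Copyright (c) 2000-2025 the FFmpeg developers"
    # Git-tag builds:  "ffmpeg version n8.1-2-gdeadbeef ..."   (leading "n" is stripped)
    # Snapshot builds: "ffmpeg version N-120000-gabcdef12 ..." (no release number at all)
    ver=$(printf '%s\n' "$banner" |
          sed -n 's/^ffmpeg version n\{0,1\}\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    case "$ver" in
        "")                   echo unknown ;;     # no major.minor to compare; check the build's source
        8.0)                  echo vulnerable ;;  # the affected release (8.0.x point releases treated the same)
        8.*|9.*|[1-9][0-9].*) echo fixed ;;       # 8.1 or later
        *)                    echo unlisted ;;    # earlier majors: not listed as affected on this page
    esac
}

# installed_status -> status of the ffmpeg binary on PATH, or no-ffmpeg
installed_status() {
    command -v ffmpeg >/dev/null 2>&1 || { echo no-ffmpeg; return 0; }
    ffmpeg_status "$(ffmpeg -version 2>/dev/null | head -n 1)"
}

# app_swscale_path PROGRAM -> the libswscale a dynamically linked program actually loads
# (Linux/ldd only). A bundled copy found here is not fixed by updating the system ffmpeg.
app_swscale_path() {
    ldd "$1" 2>/dev/null | awk '/libswscale/ { print $3 }'
}

# Usage: sh check.sh --installed
if [ "${1:-}" = --installed ]; then
    installed_status
fi
```

Run it with --installed on each host, and run app_swscale_path against any service binary that ships its own FFmpeg build; a path under the application's own directory rather than the system library directory means that copy needs its own update.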

📡 Detection & Monitoring

Log Indicators:

  • FFmpeg process crashes with segmentation fault
  • Abnormal termination of video processing services
  • Error logs mentioning libswscale, or glibc heap-consistency aborts such as "malloc(): corrupted top size", "free(): invalid pointer" or "double free or corruption"

Network Indicators:

  • Repeated uploads from a single source whose transcodes all fail, especially small files that crash the worker within seconds
  • Unusual upload patterns: many files from one client in a short window, or files far smaller than the service's typical media

SIEM Query:

process.name:ffmpeg AND (process.exit_code:139 OR process.exit_code:134 OR message:*segfault* OR message:*libswscale*)

Field names follow the Elastic Common Schema; adapt exit_code and message to your pipeline, and add the unit or job-runner name if ffmpeg runs under a wrapper that reports the exit code on its behalf.
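For hosts without a SIEM, or to validate a query before deploying it, the same indicators can be checked directly against syslog or journal output. The script below is an added example (not the advisory's own detection content): it matches the log indicators listed above, including kernel segfault lines, systemd SEGV exit status, a job runner reporting exit code 139 or 134, glibc heap-check aborts and any libswscale mention, and runs them over a constructed sample log, not real data, so it can be tried offline.

```shell
#!/bin/sh
# Scan syslog/journal-style lines for ffmpeg crashes of the kind this CVE produces.
# Added example, not part of the advisory. The patterns assume a Linux host: kernel
# "segfault at" lines, systemd "status=11/SEGV", a job runner that logs the exit code
# (139 = 128+SIGSEGV, 134 = 128+SIGABRT), glibc heap-check aborts, and any mention of
# libswscale. $1 narrows to a process or unit name (default: ffmpeg).

# ffmpeg_crash_lines [NAME] : stdin -> matching lines
ffmpeg_crash_lines() {
    name=${1:-ffmpeg}
    grep -i -- "$name" | grep -iE \
        'segfault at|SIGSEGV|status=11/SEGV|status=6/ABRT|exit (code|status)[ =:]*(139|134)|libswscale|malloc\(\): |free\(\): invalid|double free|heap corruption'
}

# ffmpeg_crash_count [NAME] : stdin -> number of matching lines
ffmpeg_crash_count() {
    ffmpeg_crash_lines "$@" | wc -l | tr -d ' '
}

# Constructed sample log (not real data): three crash signals and two benign lines.
SAMPLE_LOG='Nov 12 10:01:07 media01 kernel: ffmpeg[2381]: segfault at 0 ip 00007f3c1a2b4c10 sp 00007ffd2e5b1e40 error 4 in libswscale.so[7f3c1a200000+e0000]
Nov 12 10:01:07 media01 systemd[1]: ffmpeg-transcode@17.service: Main process exited, code=killed, status=11/SEGV
Nov 12 10:01:08 media01 transcoder[918]: job 17 failed: ffmpeg exit code 139 input=upload_8812.mkv src=203.0.113.7
Nov 12 10:01:09 media01 transcoder[918]: job 18 finished: ffmpeg exit code 0 input=upload_8813.mp4 src=198.51.100.4
Nov 12 10:02:15 media01 nginx[410]: 203.0.113.7 "POST /upload HTTP/1.1" 200'

# Live host (last hour of the journal):
#   journalctl -o short --since -1h | ffmpeg_crash_lines
# Offline, against the sample above:
#   printf '%s\n' "$SAMPLE_LOG" | ffmpeg_crash_count    # -> 3
```

The first grep keeps the rule from firing on unrelated segfaults on a shared host; if ffmpeg runs under a wrapper that never puts "ffmpeg" in its log lines, pass the wrapper's name instead. Correlate a hit with the upload that preceded it (the src field in the constructed sample stands in for whatever your job runner records) to get from "a worker crashed" to "this client sent the file".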
