CVE-2025-12343

LOW 3.3

Ffmpeg: double-free vulnerability in ffmpeg tensorflow dnn backend

CVSS Score

3.3

EPSS Score

0.0%

EPSS Percentile

0th

A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backend_tf.c source file. The issue occurs in the dnn_execute_model_tf() function, where a task object is freed multiple times in certain error-handling paths. This redundant memory deallocation can lead to a double-free condition, potentially causing FFmpeg or any application using it to crash when processing TensorFlow-based DNN models. This results in a denial-of-service scenario but does not allow arbitrary code execution under normal conditions.

CWE	CWE-415
Published	Feb 18, 2026
Last Updated	Feb 25, 2026

Stay Ahead of the Next One

Get instant alerts for

Be the first to know when new low vulnerabilities are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

References

NVD ↗ CVE.org ↗ EPSS Data ↗

access.redhat.com: https://access.redhat.com/security/cve/CVE-2025-12343 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2406533

Credits

Red Hat would like to thank Jiasheng Jiang for reporting this issue.