CVE-2025-9951

UNKNOWN 0.0

Remote code execution via Heap Buffer Overflow in FFmpeg JPEG2000

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000.

CWE	CWE-122
Vendor	ffmpeg
Product	ffmpeg
Published	Sep 9, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for ffmpeg ffmpeg

Be the first to know when new unknown vulnerabilities affecting ffmpeg ffmpeg are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

FFmpeg / FFmpeg

< 8.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/google/security-research/security/advisories/GHSA-39q3-f8jq-v6mg