Heap Buffer Overflow in SANM Decoder (before 8.0)
CVE-2025-59730 Published on October 6, 2025
Heap-buffer-overflow write in FFmpeg SANM decoding due to lack of bounds-checking in old_codec48
When decoding a frame for a SANM file (ANIM v0 variant), the decoded data can be larger than the buffer allocated for it.
Frames encoded with codec 48 can specify their resolution (width x height). A buffer of appropriate size is allocated depending on the resolution.
This codec can encode the frame contents using a run-length encoding algorithm. There are no checks that the decoded frame fits in the allocated buffer, leading to a heap-buffer-overflow.
process_frame_obj initializes the buffers based on the frame resolution:
We recommend upgrading to version 8.0 or beyond.
Weakness Type
What is a Memory Corruption Vulnerability?
The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.
CVE-2025-59730 has been classified to as a Memory Corruption vulnerability or weakness.
Products Associated with CVE-2025-59730
Want to know whenever a new CVE is published for FFmpeg? stack.watch will email you.
Affected Versions
FFmpeg:- Version 829680f96a7a7ff02d1543895ec0fb713309d5c0 and below 8.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.