{
  "threat_severity" : "Moderate",
  "public_date" : "2025-12-18T00:00:00Z",
  "bugzilla" : {
    "description" : "ffmpeg: FFmpeg: Integer overflow vulnerability leads to Denial of Service",
    "id" : "2423583",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2423583"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-190",
  "details" : [ "Integer overflow vulnerability in the yuv2ya16_X_c_template function in libswscale/output.c in FFmpeg 8.0.", "A flaw was found in FFmpeg, an open-source multimedia framework. This vulnerability is an integer overflow within the yuv2ya16_X_c_template function. A remote attacker could exploit this by providing specially crafted input, leading to a denial of service (DoS) in which the affected system or application becomes unavailable." ],
  "statement" : "This vulnerability is rated Important for Red Hat products. An integer overflow in FFmpeg's `yuv2ya16_X_c_template` function can be exploited by a remote attacker providing specially crafted input, leading to a denial of service. This impacts components like `ffmpeg`, `qt5-qtwebengine`, and `qt6-qtwebengine` in Red Hat Community Projects and Red Hat Enterprise Linux AI.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Out of support scope",
    "package_name" : "ffmpeg",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-63757\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-63757\nhttps://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20698\nhttps://ffmpeg.org/security.html\nhttps://gist.github.com/miora-sora/43c1c5616dd5b4f960a9d20296ef4833" ],
  "name" : "CVE-2025-63757",
  "mitigation" : {
    "value" : "To mitigate this issue, users should avoid processing untrusted or specially crafted media files with applications that use FFmpeg. Limiting the exposure of applications that use FFmpeg to untrusted input can reduce the risk of a denial of service.",
    "lang" : "en:us"
  },
  "csaw" : false
}