{
  "threat_severity" : "Moderate",
  "public_date" : "2026-03-16T00:00:00Z",
  "bugzilla" : {
    "description" : "FFmpeg: out-of-bounds read in RV60 video decoder",
    "id" : "2448195",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2448195"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-125",
  "details" : [ "Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder (libavcodec/rv60dec.c). The quantization parameter (qp) validation at line 2267 only checks the lower bound (qp < 0) but is missing upper bound validation. The qp value can reach 65 (base value 63 from 6-bit frame header + offset +2 from read_qp_offset) while the rv60_qp_to_idx array has size 64 (valid indices 0-63). This results in out-of-bounds array access at lines 1554 (decode_cbp8), 1655 (decode_cbp16), and 1419/1421 (get_c4x4_set), potentially leading to memory disclosure or crash. A previous fix in commit 61cbcaf93f added validation only for intra frames. This vulnerability affects the released versions 8.0 (released 2025-08-22) and 8.0.1 (released 2025-11-20) and is fixed in git master commit 8abeb879df which will be included in FFmpeg 8.1.", "A flaw was found in the RV60 video decoder in FFmpeg. Processing a specially crafted RV60 file can cause an out-of-bounds read due to an improper bounds checking of the quantization parameter (QP), resulting in a limited information disclosure and denial of service." ],
  "statement" : "To exploit this issue, an attacker needs to convince a user to process a specially crafted RV60 file. Also, the only security impact of this flaw is a limited information disclosure and a denial of service. There is no memory corruption or arbitrary command execution. Due to these reasons, this vulnerability has been rated with a moderate severity.",
  "package_state" : [ {
    "product_name" : "Lightspeed Core",
    "fix_state" : "Affected",
    "package_name" : "lightspeed-core/rag-tool-rhel9",
    "cpe" : "cpe:/a:redhat:lightspeed_core"
  }, {
    "product_name" : "Red Hat AI Inference Server",
    "fix_state" : "Affected",
    "package_name" : "rhaiis-preview/vllm-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Not affected",
    "package_name" : "ffmpeg",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Not affected",
    "package_name" : "rhelai3/bootc-aws-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Not affected",
    "package_name" : "rhelai3/bootc-azure-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Not affected",
    "package_name" : "rhelai3/bootc-azure-rocm-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Not affected",
    "package_name" : "rhelai3/bootc-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Not affected",
    "package_name" : "rhelai3/bootc-gcp-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Not affected",
    "package_name" : "rhelai3/bootc-rocm-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-vllm-gaudi-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-69693\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-69693\nhttps://github.com/FFmpeg/FFmpeg/commit/8abeb879df66ea8d27ce1735925ced5a30813de4\nhttps://github.com/FFmpeg/FFmpeg/releases/tag/n8.0\nhttps://github.com/FFmpeg/FFmpeg/releases/tag/n8.0.1" ],
  "name" : "CVE-2025-69693",
  "mitigation" : {
    "value" : "To reduce the risk of exploitation, avoid processing untrusted RV60 files with FFmpeg. If FFmpeg is deployed in a way that it processes files from untrusted sources automatically, consider running the application inside a container or a restricted sandbox environment to limit the potential security impact.",
    "lang" : "en:us"
  },
  "csaw" : false
}