DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CVE-2025-59730

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-59730

Severity

Unknown
Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Summary

Heap-buffer-overflow write in FFmpeg SANM decoding due to lack of bounds-checking in old_codec48

Description

When decoding a frame for a SANM file (ANIM v0 variant), the decoded data can be larger than the buffer allocated for it.

Frames encoded with codec 48 can specify their resolution (width x height). A buffer of appropriate size is allocated depending on the resolution.

This codec can encode the frame contents using a run-length encoding algorithm. There are no checks that the decoded frame fits in the allocated buffer, leading to a heap-buffer-overflow.

process_frame_obj initializes the buffers based on the frame resolution:

We recommend upgrading to version 8.0 or beyond.

References

  • https://nvd.nist.gov/vuln/detail/CVE-2025-59730

Affected packages


The trusted source for open source

Talk to an expert
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsChainguard OS PackagesChainguard ActionsChainguard Agent SkillsIntegrationsPricing
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.