Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Vulnerability DatabaseCVE-2025-22919
CVE-2025-22919:
Ffmpeg vulnerability analysis and mitigation
Overview
A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file. The vulnerability was discovered in February 2025 and assigned identifier CVE-2025-22919 (CVE List, Debian Tracker).
Technical details
The vulnerability manifests as an assertion failure in fftools/ffmpegenc.c at line 219, triggered when processing malformed AAC files. The assertion `frame->format != AVSAMPLEFMTNONE && frame->samplerate > 0 && frame->chlayout.nb_channels > 0` fails during audio processing (FFmpeg Ticket).
Impact
When exploited, the vulnerability results in a Denial of Service condition by causing the FFmpeg application to terminate unexpectedly when processing specially crafted AAC files (CVE List).
Mitigation and workarounds
The vulnerability has been fixed in FFmpeg version 7:4.3.8-0+deb11u3 for Debian 11 bullseye. The fix was also implemented in commit 1446e37d3d032e1452844778b3e6ba2c20f0c322 (Debian LTS, FFmpeg Ticket).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
Ready to see Wiz in action?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management