{"id":"JLSEC-2025-109","summary":"FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because...","details":"FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted.","modified":"2025-11-03T00:18:45.491040Z","published":"2025-10-19T19:08:53.760Z","upstream":["CVE-2020-14212"],"database_specific":{"sources":[{"modified":"2024-11-21T05:02:52.750Z","imported":"2025-10-18T14:07:17.064Z","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2020-14212","id":"CVE-2020-14212","published":"2020-06-16T22:15:10.443Z","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14212"}],"license":"CC-BY-4.0"},"references":[{"type":"WEB","url":"https://patchwork.ffmpeg.org/project/ffmpeg/list/?series=1463"},{"type":"WEB","url":"https://security.gentoo.org/glsa/202007-58"},{"type":"WEB","url":"https://trac.ffmpeg.org/ticket/8716"}],"affected":[{"package":{"name":"FFMPEG_jll","ecosystem":"Julia","purl":"pkg:julia/FFMPEG_jll?uuid=b22a6f82-2f65-5046-a5b2-351ab43fb4e5"},"ranges":[{"type":"SEMVER","events":[{"introduced":"4.3.1+0"},{"fixed":"4.3.1+2"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-109.json"}}],"schema_version":"1.7.3"}