{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-69693", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-16T20:04:20.747Z", "dateReserved": "2026-01-09T00:00:00.000Z", "datePublished": "2026-03-16T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-16T19:15:32.723Z"}, "descriptions": [{"lang": "en", "value": "Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder (libavcodec/rv60dec.c). The quantization parameter (qp) validation at line 2267 only checks the lower bound (qp < 0) but is missing upper bound validation. The qp value can reach 65 (base value 63 from 6-bit frame header + offset +2 from read_qp_offset) while the rv60_qp_to_idx array has size 64 (valid indices 0-63). This results in out-of-bounds array access at lines 1554 (decode_cbp8), 1655 (decode_cbp16), and 1419/1421 (get_c4x4_set), potentially leading to memory disclosure or crash. A previous fix in commit 61cbcaf93f added validation only for intra frames. This vulnerability affects the released versions 8.0 (released 2025-08-22) and 8.0.1 (released 2025-11-20) and is fixed in git master commit 8abeb879df which will be included in FFmpeg 8.1."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/FFmpeg/FFmpeg/commit/8abeb879df66ea8d27ce1735925ced5a30813de4"}, {"url": "https://github.com/FFmpeg/FFmpeg/releases/tag/n8.0"}, {"url": "https://github.com/FFmpeg/FFmpeg/releases/tag/n8.0.1"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-125", "lang": "en", "description": "CWE-125 Out-of-bounds Read"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-16T20:03:38.821058Z", "id": "CVE-2025-69693", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T20:04:20.747Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-69693", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-16T20:03:38.821058Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T20:01:47.703Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/FFmpeg/FFmpeg/commit/8abeb879df66ea8d27ce1735925ced5a30813de4"}, {"url": "https://github.com/FFmpeg/FFmpeg/releases/tag/n8.0"}, {"url": "https://github.com/FFmpeg/FFmpeg/releases/tag/n8.0.1"}], "descriptions": [{"lang": "en", "value": "Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder (libavcodec/rv60dec.c). The quantization parameter (qp) validation at line 2267 only checks the lower bound (qp < 0) but is missing upper bound validation. The qp value can reach 65 (base value 63 from 6-bit frame header + offset +2 from read_qp_offset) while the rv60_qp_to_idx array has size 64 (valid indices 0-63). This results in out-of-bounds array access at lines 1554 (decode_cbp8), 1655 (decode_cbp16), and 1419/1421 (get_c4x4_set), potentially leading to memory disclosure or crash. A previous fix in commit 61cbcaf93f added validation only for intra frames. This vulnerability affects the released versions 8.0 (released 2025-08-22) and 8.0.1 (released 2025-11-20) and is fixed in git master commit 8abeb879df which will be included in FFmpeg 8.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-16T19:15:32.723Z"}}}, "cveMetadata": {"cveId": "CVE-2025-69693", "state": "PUBLISHED", "dateUpdated": "2026-03-16T20:04:20.747Z", "dateReserved": "2026-01-09T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-16T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3BC8327-6529-4B32-B7AF-FCAB3BDF8B42", "vulnerable": true}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F5CACA2-6FB6-4D6D-92D0-C9FF0E7CDB14", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder (libavcodec/rv60dec.c). The quantization parameter (qp) validation at line 2267 only checks the lower bound (qp < 0) but is missing upper bound validation. The qp value can reach 65 (base value 63 from 6-bit frame header + offset +2 from read_qp_offset) while the rv60_qp_to_idx array has size 64 (valid indices 0-63). This results in out-of-bounds array access at lines 1554 (decode_cbp8), 1655 (decode_cbp16), and 1419/1421 (get_c4x4_set), potentially leading to memory disclosure or crash. A previous fix in commit 61cbcaf93f added validation only for intra frames. This vulnerability affects the released versions 8.0 (released 2025-08-22) and 8.0.1 (released 2025-11-20) and is fixed in git master commit 8abeb879df which will be included in FFmpeg 8.1."}, {"lang": "es", "value": "Lectura fuera de l\u00edmites en el decodificador de video RV60 de FFmpeg 8.0 y 8.0.1 (libavcodec/rv60dec.c). La validaci\u00f3n del par\u00e1metro de cuantificaci\u00f3n (qp) en la l\u00ednea 2267 solo verifica el l\u00edmite inferior (qp &lt; 0) pero carece de validaci\u00f3n del l\u00edmite superior. El valor de qp puede alcanzar 65 (valor base 63 del encabezado de trama de 6 bits + desplazamiento +2 de read_qp_offset) mientras que el array rv60_qp_to_idx tiene un tama\u00f1o de 64 (\u00edndices v\u00e1lidos 0-63). Esto resulta en acceso a array fuera de l\u00edmites en las l\u00edneas 1554 (decode_cbp8), 1655 (decode_cbp16) y 1419/1421 (get_c4x4_set), lo que podr\u00eda llevar a la divulgaci\u00f3n de memoria o a un fallo. Una correcci\u00f3n anterior en el commit 61cbcaf93f a\u00f1adi\u00f3 validaci\u00f3n solo para fotogramas intra. Esta vulnerabilidad afecta a las versiones publicadas 8.0 (publicada el 22-08-2025) y 8.0.1 (publicada el 20-11-2025) y est\u00e1 corregida en el commit maestro de git 8abeb879df que se incluir\u00e1 en FFmpeg 8.1."}], "id": "CVE-2025-69693", "lastModified": "2026-03-19T14:19:12.370", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-16T20:16:15.060", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/FFmpeg/FFmpeg/commit/8abeb879df66ea8d27ce1735925ced5a30813de4"}, {"source": "cve@mitre.org", "tags": ["Product", "Release Notes"], "url": "https://github.com/FFmpeg/FFmpeg/releases/tag/n8.0"}, {"source": "cve@mitre.org", "tags": ["Product", "Release Notes"], "url": "https://github.com/FFmpeg/FFmpeg/releases/tag/n8.0.1"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "FFmpeg: out-of-bounds read in RV60 video decoder", "id": "2448195", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448195"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "status": "draft"}, "cwe": "CWE-125", "details": ["A flaw was found in the RV60 video decoder in FFmpeg. Processing a specially crafted RV60 file can cause an out-of-bounds read due to an improper bounds checking of the quantization parameter (QP), resulting in a limited information disclosure and denial of service."], "mitigation": {"lang": "en:us", "value": "To reduce the risk of exploitation, avoid processing untrusted RV60 files with FFmpeg. If FFmpeg is deployed in a way that it processes files from untrusted sources automatically, consider running the application inside a container or a restricted sandbox environment to limit the potential security impact."}, "name": "CVE-2025-69693", "package_state": [{"cpe": "cpe:/a:redhat:lightspeed_core", "fix_state": "Affected", "package_name": "lightspeed-core/rag-tool-rhel9", "product_name": "Lightspeed Core"}, {"cpe": "cpe:/a:redhat:ai_inference_server:3", "fix_state": "Affected", "package_name": "rhaiis-preview/vllm-cuda-rhel9", "product_name": "Red Hat AI Inference Server"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Not affected", "package_name": "ffmpeg", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Not affected", "package_name": "rhelai3/bootc-aws-cuda-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Not affected", "package_name": "rhelai3/bootc-azure-cuda-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Not affected", "package_name": "rhelai3/bootc-azure-rocm-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Not affected", "package_name": "rhelai3/bootc-cuda-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Not affected", "package_name": "rhelai3/bootc-gcp-cuda-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Not affected", "package_name": "rhelai3/bootc-rocm-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-vllm-gaudi-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}], "public_date": "2026-03-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-69693\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-69693\nhttps://github.com/FFmpeg/FFmpeg/commit/8abeb879df66ea8d27ce1735925ced5a30813de4\nhttps://github.com/FFmpeg/FFmpeg/releases/tag/n8.0\nhttps://github.com/FFmpeg/FFmpeg/releases/tag/n8.0.1"], "statement": "To exploit this issue, an attacker needs to convince a user to process a specially crafted RV60 file. Also, the only security impact of this flaw is a limited information disclosure and a denial of service. There is no memory corruption or arbitrary command execution. Due to these reasons, this vulnerability has been rated with a moderate severity.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,8.0.1]"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "ffmpeg", "vendor": "ffmpeg"}], "analysis": {"en": {"generated_at": "2026-03-19T15:36:47.498922+00:00", "value": {"mitigation_remediation": ["Upgrade FFmpeg to version 8.1 or later to apply the fix.", "Apply the master commit 8abeb879df to your FFmpeg source before compiling if an upgrade is not possible.", "Avoid decoding RV60 video files with vulnerable FFmpeg versions 8.0 and 8.0.1.", "Monitor FFmpeg releases for further security updates."], "summary": {"action": "Patch Now", "impact": "Memory disclosure or crash via out-of-bounds read"}, "threat_synthesis": {"affected_systems": "Affected systems are installations of FFmpeg version 8.0.0 (released 2025\u201108\u201122) and 8.0.1 (released 2025\u201111\u201120) that use the RV60 decoder. The vulnerability is tracked by CPE identifiers cpe:2.3:a:ffmpeg:ffmpeg:8.0:* and cpe:2.3:a:ffmpeg:ffmpeg:8.0.1:*. Any environment that processes RV60 video frames with these FFmpeg releases is impacted.", "description_and_impact": "The vulnerability occurs in FFmpeg version 8.0 and 8.0.1 when decoding RV60 video streams. During decoding, the quantization parameter (qp) validation only checks for values less than zero but does not enforce the upper bound. A malicious encoder can produce a qp of up to 65, which exceeds the rv60_qp_to_idx array size of 64. The resulting out-of-bounds array accesses in decode_cbp8, decode_cbp16, and get_c4x4_set functions lead to memory disclosure or a crash. This weakness corresponds to CWE\u2011125 (Out\u2011of\u2011Bounds Read).", "risk_and_exploitability": "The CVSS base score is 5.4, indicating a moderate risk. EPSS is less than 1%, suggesting a low likelihood of exploitation in the wild. The vulnerability is not listed in CISA's KEV catalog. Based on the description, it is inferred that a malicious RV60 video file can trigger the flaw, causing either a crash or memory disclosure; this attack would be local to the process that decodes the file, but could also lead to denial of service if the user or application is not protected. No remote code execution is indicated. The mitigation is to upgrade to FFmpeg 8.1 or later where the issue is fixed."}}}}, "created": "2026-03-17T09:55:36.492715+00:00", "updated": "2026-03-23T14:01:02.086202+00:00", "vendors": ["ffmpeg", "ffmpeg$PRODUCT$ffmpeg"]}