CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-25467: Insufficient tracking and releasing of allocated used memory in libx264 git master allows attackers to execute arbitrary code via creating a...

Description

Insufficient tracking and releasing of allocated used memory in libx264 git master allows attackers to execute arbitrary code via creating a crafted AAC file.

Classification

CVE ID: CVE-2025-25467

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.11% (probability of being exploited)

EPSS Percentile: 25.7% (scored less or equal to compared to others)

EPSS Date: 2025-03-19 (when was this score calculated)

References

https://code.videolan.org/videolan/x264/-/issues/75

Timeline