CVE-2025-59728

Name
CVE-2025-59728
Description
When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer.When we call xmlNodeGetContent below [0], it returns a buffer precisely allocated to match the string length, using strdup internally. If this buffer is not an empty string, it is assigned to root_url at [1].If the last (non-NUL) byte in this buffer is not '/' then we append '/' in-place at [2]. This will write two bytes into the buffer, starting at the last valid byte in the buffer, writing the NUL byte beyond the end of the allocated buffer. We recommend upgrading to version 8.0 or beyond.
NVD Severity
high
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
cve-coordination@google.com https://issuetracker.google.com/433502298

Match rules

CPE URI Source package Min version Max version
mpeg-dash >= 7.1.1 < 8.0
mpeg-dash >= a218cafe4d3be005ab0c61130f90db4d21afb5db < 8.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
ffmpeg edge-community 8.0-r0 Achill Gilgenast <achill@achill.org> fixed