{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T20:43:50.702","vulnerabilities":[{"cve":{"id":"CVE-2025-12343","sourceIdentifier":"patrick@puiterwijk.org","published":"2026-02-18T21:16:20.453","lastModified":"2026-02-26T22:32:44.470","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backend_tf.c source file. The issue occurs in the dnn_execute_model_tf() function, where a task object is freed multiple times in certain error-handling paths. This redundant memory deallocation can lead to a double-free condition, potentially causing FFmpeg or any application using it to crash when processing TensorFlow-based DNN models. This results in a denial-of-service scenario but does not allow arbitrary code execution under normal conditions."},{"lang":"es","value":"Se encontró una vulnerabilidad en el backend de TensorFlow de FFmpeg dentro del archivo fuente libavfilter/dnn_backend_tf.c. El problema ocurre en la función dnn_execute_model_tf(), donde un objeto de tarea se libera múltiples veces en ciertas rutas de manejo de errores. Esta desasignación de memoria redundante puede llevar a una condición de doble liberación, lo que podría causar que FFmpeg o cualquier aplicación que lo use se bloquee al procesar modelos DNN basados en TensorFlow. Esto resulta en un escenario de denegación de servicio, pero no permite la ejecución de código arbitrario bajo condiciones normales."}],"metrics":{"cvssMetricV31":[{"source":"patrick@puiterwijk.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"patrick@puiterwijk.org","type":"Secondary","description":[{"lang":"en","value":"CWE-415"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"8.1","matchCriteriaId":"A525AFEB-C7C8-4310-A4D1-B776ABEFC206"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2025-12343","source":"patrick@puiterwijk.org","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406533","source":"patrick@puiterwijk.org","tags":["Issue Tracking","Third Party Advisory"]}]}}]}