CVE-2025-12343
Received - Intake
Double-Free Vulnerability in FFmpeg TensorFlow Backend Causes DoS

Publication date: 2026-02-18

Last updated on: 2026-02-26

Assigner: Fedora Project

Description
A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backend_tf.c source file. The issue occurs in the dnn_execute_model_tf() function, where a task object is freed multiple times in certain error-handling paths. This redundant memory deallocation can lead to a double-free condition, potentially causing FFmpeg or any application using it to crash when processing TensorFlow-based DNN models. This results in a denial-of-service scenario but does not allow arbitrary code execution under normal conditions.
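The bug class described above (CWE-415 on an error-handling path), shown as an added example; this is not FFmpeg's code and does not reproduce dnn_execute_model_tf(). All names are hypothetical, and a one-slot pool stands in for malloc/free so the repeated release is counted rather than executed.

```c
#include <stdio.h>
/* Constructed illustration of CWE-415 on an error path; not FFmpeg code.
 * Every name is hypothetical. A one-slot pool replaces malloc/free so a
 * repeated release is counted instead of corrupting the heap. */
typedef struct Task { int in_use; } Task;
static Task slot;
static int double_frees;

static Task *task_alloc(void) { slot.in_use = 1; return &slot; }
static void task_release(Task *t) {
    if (!t) return;
    if (!t->in_use) { double_frees++; return; }  /* second release */
    t->in_use = 0;
}
/* Release and clear the owner's pointer (same idea as FFmpeg's av_freep). */
static void task_releasep(Task **pt) { task_release(*pt); *pt = NULL; }

/* Buggy: the callee releases on failure, then the caller's cleanup does too. */
static int submit_buggy(Task *t, int fail) {
    if (fail) { task_release(t); return -1; }
    return 0;
}
static int execute_buggy(int fail) {
    Task *t = task_alloc();
    int ret = submit_buggy(t, fail);
    task_release(t);               /* double release when fail != 0 */
    return ret;
}

/* Fixed: the callee clears the caller's pointer when it releases. */
static int submit_fixed(Task **pt, int fail) {
    if (fail) { task_releasep(pt); return -1; }
    return 0;
}
static int execute_fixed(int fail) {
    Task *t = task_alloc();
    int ret = submit_fixed(&t, fail);
    task_releasep(&t);             /* no-op if the callee already released */
    return ret;
}

/* Run one variant and report how many repeated releases it made. */
static int count_double_frees(int (*fn)(int), int fail) {
    double_frees = 0; fn(fail);
    return double_frees;
}
int main(void) {
    printf("buggy=%d ", count_double_frees(execute_buggy, 1));
    printf("fixed=%d\n", count_double_frees(execute_fixed, 1));
    return 0;
}
```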
Meta Information
Published: 2026-02-18
Last Modified: 2026-02-26
Generated: 2026-06-16
AI Q&A: 2026-02-18
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
ffmpeg | ffmpeg | From 6.1 (inc) to 8.1 (exc)
CWE
CWE ID | Description
CWE-415 | The product calls free() twice on the same memory address.
Executive Summary

This vulnerability is a double-free flaw in FFmpeg's TensorFlow backend, specifically in the dnn_execute_model_tf() function. A task object is freed multiple times during certain error-handling paths, causing memory corruption. This improper memory management can lead to crashes when processing TensorFlow-based deep neural network models. [1]

Impact Analysis

The vulnerability can cause FFmpeg or any application using its TensorFlow DNN backend to crash, resulting in a denial-of-service (DoS) condition. An attacker can exploit this by supplying specially crafted data, triggering the double-free and causing the application to terminate unexpectedly.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

This vulnerability causes a denial-of-service by crashing FFmpeg or applications using its TensorFlow DNN backend when processing specially crafted data. Immediate mitigation steps include avoiding the use of FFmpeg with TensorFlow DNN models on untrusted data and applying any available patches or updates from your Linux distribution or FFmpeg maintainers that address this double-free issue.

Since the vulnerability is triggered by processing crafted data, restricting or validating input data to FFmpeg processes can reduce risk. Monitoring for crashes or abnormal terminations of FFmpeg processes may also help detect exploitation attempts.
