FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.
The vulnerability (CWE-415) consists of double-freeing the same memory area in the rkmpp_retrieve_frame function handling video decoding by the RKMPP hardware decoder. This situation leads to heap corruption, which can be exploited by an attacker to take control of the program's execution flow. A crafted multimedia file or video stream processed through the vulnerable decoding path can trigger this error.
An attacker can trigger arbitrary code execution (RCE) in the context of the FFmpeg process, and as a result, achieve complete system takeover, data disclosure, or system destabilization.
FFmpeg should be updated to a version containing the fix available in commit 4513300989502090c4fd6560544dce399a8cd53c in the vendor's repository. Debian distribution users should apply patches announced in the debian-lts-announce message from February 2025.
FFmpeg version n7.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFfmpeg
APPFfmpeg7.0
Related vulnerabilities
FFmpeg: Out-of-bounds Read w dekoderze VP8 na architekturze PowerPC (AltiVec)
FFmpeg: Integer Overflow w parse_options (sbgdec.c) — moduł libavformat
FFmpeg: nieprawidłowa walidacja indeksu tablicy w dekodowaniu H.266
Integer overflow w FFmpeg — RCE przez parser JPEG XL
Integer overflow w FFmpeg — RCE przez dekoder animacji JPEG XL