An out-of-bounds read vulnerability exists in FFmpeg’s AV1 decoding component. An attacker can trigger this issue by providing a crafted malicious AV1 input, potentially causing a crash or leading to serious information disclosure.
Out-of-Bounds Access (out-of-bounds read)
FFmpeg Project (FFmpeg)
FFmpeg ≤ 8.0.1 (released on 2025-11-20)
./libavcodec/av1dec.c, read_global_param
An attacker can craft a malicious AV1 bitstream or media file to trigger the vulnerability. When an affected version of FFmpeg decodes this input, an out-of-bounds read may occur. Downstream applications that rely on FFmpeg for decoding/transcoding may also be impacted.
In ./libavcodec/av1dec.c, within the function read_global_param, the array ref_frame_idx (declared in the AV1RawFrameHeader structure as ref_frame_idx[AV1_REFS_PER_FRAME], with AV1_REFS_PER_FRAME == 7) has 7 elements, so the only valid indices are 0–6. However, the following logic exists:
primary_frame = s->raw_frame_header->primary_ref_frame;
prev_frame = s->raw_frame_header->ref_frame_idx[primary_frame];
Here, primary_frame is taken from s->raw_frame_header->primary_ref_frame, a 3-bit field parsed directly from the frame header and therefore under the attacker's control. The value AV1_PRIMARY_REF_NONE (7) is a legal encoding: the AV1 specification uses it to signal that the frame has no primary reference frame, so a decoder must expect it. When primary_frame equals 7, the code accesses:
s->raw_frame_header->ref_frame_idx[7]
This is outside the valid bounds of ref_frame_idx, resulting in an out-of-bounds read.
This issue can cause decoding errors or a process crash, and in some cases may read adjacent memory, which can pose a serious information disclosure risk.
Before indexing ref_frame_idx[primary_frame], explicitly check that primary_frame is within range: handle AV1_PRIMARY_REF_NONE as the "no primary reference" case without touching the array, and reject any other out-of-range value as invalid bitstream data, e.g.:
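The vulnerable pattern next to a bounds-checked form, as an added C example that is not FFmpeg's code or its patch. The FrameHeader struct, make_header, prev_frame_unchecked, prev_frame_checked and the next_field member are constructed stand-ins for the real AV1RawFrameHeader and read_global_param; only the constants AV1_REFS_PER_FRAME, AV1_NUM_REF_FRAMES and AV1_PRIMARY_REF_NONE match FFmpeg's definitions in libavcodec/av1.h.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constants as defined in FFmpeg's libavcodec/av1.h. */
#define AV1_REFS_PER_FRAME   7
#define AV1_NUM_REF_FRAMES   8
#define AV1_PRIMARY_REF_NONE 7

/* Constructed, cut-down stand-in for AV1RawFrameHeader: only the fields this
 * bug touches, plus a hypothetical member placed right after the array so the
 * over-read has something to land on. Assumption: all members are uint8_t, so
 * there is no padding and ref_frame_idx[7] aliases next_field. */
typedef struct {
    uint8_t primary_ref_frame;
    uint8_t ref_frame_idx[AV1_REFS_PER_FRAME];
    uint8_t next_field;
} FrameHeader;

/* Build a constructed header: slot i holds reference index i, and the
 * neighbouring byte is filled with a recognisable marker. */
static FrameHeader make_header(uint8_t primary_ref_frame)
{
    FrameHeader hdr;
    hdr.primary_ref_frame = primary_ref_frame;
    for (int i = 0; i < AV1_REFS_PER_FRAME; i++)
        hdr.ref_frame_idx[i] = (uint8_t)i;
    hdr.next_field = 0xAA;
    return hdr;
}

/* Vulnerable pattern: index ref_frame_idx with primary_ref_frame unchecked.
 * To keep the demonstration well-defined C, the byte is fetched through the
 * object representation of the struct rather than by indexing past the array;
 * the effect is the same as the original two lines, which read whatever byte
 * follows ref_frame_idx. Returns -1 if the index would leave the struct. */
static int prev_frame_unchecked(const FrameHeader *hdr)
{
    const unsigned char *raw = (const unsigned char *)hdr;
    uint8_t primary_frame = hdr->primary_ref_frame;
    size_t off = offsetof(FrameHeader, ref_frame_idx) + primary_frame;
    if (off >= sizeof *hdr)
        return -1;
    return raw[off];  /* primary_frame == 7 reads next_field, not the array */
}

/* Result of the hardened lookup. */
typedef struct {
    int ok;            /* 0: reject the frame (AVERROR_INVALIDDATA in FFmpeg) */
    int use_defaults;  /* 1: AV1_PRIMARY_REF_NONE, no previous frame to consult */
    int prev_frame;    /* slot into the reference array when use_defaults == 0 */
} PrevFrame;

/* Hardened form (added here, not FFmpeg's patch): decide the "no primary
 * reference" case before touching the array, and reject anything else that is
 * not a valid index. Only indices 0..AV1_REFS_PER_FRAME-1 reach ref_frame_idx. */
static PrevFrame prev_frame_checked(const FrameHeader *hdr)
{
    PrevFrame r = { 0, 0, -1 };
    uint8_t primary_frame = hdr->primary_ref_frame;

    if (primary_frame == AV1_PRIMARY_REF_NONE) {
        r.ok = 1;
        r.use_defaults = 1;
        return r;
    }
    if (primary_frame >= AV1_REFS_PER_FRAME)
        return r;                          /* malformed bitstream */

    r.prev_frame = hdr->ref_frame_idx[primary_frame];
    if (r.prev_frame >= AV1_NUM_REF_FRAMES)
        return r;                          /* would index s->ref[] out of range */
    r.ok = 1;
    return r;
}

/* Convenience wrappers that run each lookup on a constructed header. */
static int demo_unchecked(uint8_t primary_ref_frame)
{
    FrameHeader hdr = make_header(primary_ref_frame);
    return prev_frame_unchecked(&hdr);
}

static PrevFrame demo_checked(uint8_t primary_ref_frame)
{
    FrameHeader hdr = make_header(primary_ref_frame);
    return prev_frame_checked(&hdr);
}

int main(void)
{
    uint8_t cases[] = { 3, AV1_PRIMARY_REF_NONE };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        PrevFrame r = demo_checked(cases[i]);
        printf("primary_ref_frame=%u unchecked read=0x%02x checked: ok=%d defaults=%d prev=%d\n",
               cases[i], demo_unchecked(cases[i]), r.ok, r.use_defaults, r.prev_frame);
    }
    return 0;
}
```

With primary_ref_frame = 7 the unchecked lookup returns the 0xAA marker from the neighbouring field, not any element of ref_frame_idx, which is exactly the over-read the advisory describes; the checked lookup takes the "no reference" path before the array is indexed, and an index of 8 or more (impossible from a 3-bit field, but cheap to guard) is rejected as invalid data.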