CVE-2025-1594
FFmpeg vulnerability analysis and mitigation

Overview

A critical stack buffer overflow vulnerability was discovered in FFmpeg's AAC encoder component, specifically in the ff_aac_search_for_tns function within libavcodec/aacenc_tns.c. The vulnerability was identified in February 2025 and affects the function that handles TNS (Temporal Noise Shaping) processing during AAC encoding (FFmpeg Ticket).

Technical details

The vulnerability manifests as a stack buffer overflow when reading 4 bytes at an invalid memory address during the TNS search process. The issue occurs in the ff_aac_search_for_tns function at line 204 of libavcodec/aacenc_tns.c. The overflow happens when accessing memory beyond the bounds of a stack-allocated array, specifically at offset 40, which overflows a variable named 'en' declared at line 183 (FFmpeg Ticket).

Impact

The vulnerability could lead to memory corruption and program crashes. When exploited, it allows an attacker to read beyond the bounds of allocated stack memory, which could result in information disclosure or potential code execution depending on the memory contents and system architecture (FFmpeg Ticket).

Mitigation and workarounds

The issue has been reported to the FFmpeg security team and patches have been developed to address the vulnerability. Users are advised to update to the latest version once patches are publicly available. In the meantime, caution should be exercised when processing untrusted input files with AAC encoding enabled (FFmpeg Ticket).

Additional resources


Source: This report was generated using AI
