CVE-2025-59728: 
Ffmpeg vulnerability analysis and mitigation

CVE-2025-59728 is a buffer overflow vulnerability discovered in the handling of MPEG-DASH manifests. The vulnerability was disclosed on October 6, 2025, and involves an out-of-bounds NUL-byte write that occurs one byte past the end of the buffer. The issue affects systems that process MPEG-DASH content (NVD).

The vulnerability occurs during content path calculation in MPEG-DASH manifest handling. When xmlNodeGetContent is called, it returns a buffer precisely allocated to match the string length using strdup internally. If this buffer is not empty, it is assigned to root_url. When the last non-NUL byte in the buffer is not '/', an attempt to append '/' in-place results in writing two bytes into the buffer, starting at the last valid byte, causing the NUL byte to be written beyond the allocated buffer's end. The vulnerability has been assigned a CVSS 4.0 Base Score of 8.7 (HIGH) with the vector string CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N (NVD).

The vulnerability can lead to buffer overflow conditions, potentially allowing attackers to execute arbitrary code or cause system crashes. The high CVSS score indicates significant potential impact on both confidentiality and integrity of the affected systems (NVD).

The recommended mitigation is to upgrade to version 8.0 or beyond of the affected software (NVD).