ggml-org whisper.cpp common-whisper.cpp read_audio_data use after free_CVE-2025-14569

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in ggml-org whisper.cpp up to 1.8.2. Affected is the function read_audio_data of the file /whisper.cpp/examples/common-whisper.cpp. The manipulation results in use after free. The attack requires a local approach. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2025-14569

Source VulDB

Published Dec 12, 2025 at 18:02

Affected Product

Vendor ggml-org

Product whisper.cpp

Version 1.8.0

Affected Versions ggml-org whisper.cpp 1.8.0
ggml-org whisper.cpp 1.8.1
ggml-org whisper.cpp 1.8.2

CWE Classification

CWE-416 CWE-119

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in ggml-org whisper.cpp up to 1.8.2. Affected is the function read_audio_data of the file /whisper.cpp/examples/common-whisper.cpp. The manipulation results in use after free. The attack requires a local approach. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2025-12-12T18:02:09.274Z",
    "modified": "2025-12-12T18:02:09.274Z",
    "type": "cve",
    "title": "ggml-org whisper.cpp common-whisper.cpp read_audio_data use after free",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.336193\nhttps://vuldb.com/?ctiid.336193\nhttps://vuldb.com/?submit.703886\nhttps://github.com/ggml-org/whisper.cpp/issues/3501\nhttps://github.com/oneafter/InvalidFree/blob/main/repro",
    "id": "CVE-2025-14569",
    "bulletinFamily": "",
    "cwe": [
        "CWE-416",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "ggml-org whisper.cpp 1.8.0\nggml-org whisper.cpp 1.8.1\nggml-org whisper.cpp 1.8.2",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "whisper.cpp",
    "version": "1.8.0",
    "vendor": "ggml-org",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}