Skip to main content

whisper.cpp CVE-2025-14569

LOW
Buffer Overflow (CWE-119)
2025-12-12 cna@vuldb.com
1.9
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.9 LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Apr 29, 2026 - 02:45 vuln.today

DescriptionCVE.org

A vulnerability was detected in ggml-org whisper.cpp up to 1.8.2. Affected is the function read_audio_data of the file /whisper.cpp/examples/common-whisper.cpp. The manipulation results in use after free. The attack requires a local approach. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Use-after-free vulnerability in whisper.cpp up to version 1.8.2 affects the read_audio_data function in common-whisper.cpp, allowing local authenticated attackers to trigger memory corruption with limited confidentiality and integrity impact. The flaw requires local access and valid user privileges on the system, with publicly available exploit code currently circulating; however, the extremely low EPSS score (0.03%, 7th percentile) and minimal CVSS severity (1.9) suggest limited real-world exploitability despite public proof-of-concept availability.

Technical ContextAI

whisper.cpp is a C/C++ implementation of OpenAI's Whisper speech-to-text model. The vulnerability exists in the read_audio_data function within examples/common-whisper.cpp, which handles audio file input processing. The root cause is a use-after-free memory error classified under CWE-119 (improper restriction of operations within the bounds of a memory buffer), indicating that the function references memory that has already been freed during audio data parsing or processing. This typically occurs when audio buffers are deallocated but subsequent code paths still attempt to access those buffers, leading to potential information disclosure or denial of service when the freed memory is reallocated by the process.

Affected ProductsAI

ggml-org whisper.cpp versions up to and including 1.8.2 are affected. The vulnerability is localized to the read_audio_data function in the examples/common-whisper.cpp file. No specific CPE string is provided in the source data. Reference: https://github.com/ggml-org/whisper.cpp/issues/3501

RemediationAI

Upgrade whisper.cpp to a version newer than 1.8.2 when the project releases a patched version; however, as of the time of this analysis, the maintainers have not responded to the vulnerability report, and no official patch version has been released. Monitor the GitHub repository (https://github.com/ggml-org/whisper.cpp) for updates. As an interim compensating control, restrict execution of whisper.cpp examples and tools to trusted users only by removing or limiting setuid/setgid bits on affected binaries and enforcing file permission controls (chmod 750 on example directories) so that only authorized developers can invoke read_audio_data code paths. Additionally, apply operating system-level memory protections (ensure ASLR and DEP are enabled) to increase the difficulty of reliably exploiting the use-after-free condition, though this does not eliminate the vulnerability. If whisper.cpp is used in production speech-to-text pipelines, validate audio input files through a separate, sandboxed pre-processor before passing them to whisper.cpp to reduce exposure. Note that these workarounds do not fix the underlying memory bug and should be treated as temporary measures only.

Share

CVE-2025-14569 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy