CVE-2025-14569

NameCVE-2025-14569
DescriptionA vulnerability was detected in ggml-org whisper.cpp up to 1.8.2. Affected is the function read_audio_data of the file /whisper.cpp/examples/common-whisper.cpp. The manipulation results in use after free. The attack requires a local approach. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1124796

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
whisper.cpp (PTS)sid1.8.2+dfsg-3vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
whisper.cppsource(unstable)(unfixed)1124796

Notes

https://github.com/ggml-org/whisper.cpp/issues/3501
Search for package or bug name: Reporting problems