Bug#1124796: whisper.cpp: CVE-2025-14569
Source: whisper.cpp
Version: 1.8.2+dfsg-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/ggml-org/whisper.cpp/issues/3501
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Hi,
The following vulnerability was published for whisper.cpp.
CVE-2025-14569[0]:
| A vulnerability was detected in ggml-org whisper.cpp up to 1.8.2.
| Affected is the function read_audio_data of the file
| /whisper.cpp/examples/common-whisper.cpp. The manipulation results
| in use after free. The attack requires a local approach. The exploit
| is now public and may be used. The project was informed of the
| problem early through an issue report but has not responded yet.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-14569
https://www.cve.org/CVERecord?id=CVE-2025-14569
[1] https://github.com/ggml-org/whisper.cpp/issues/3501
Regards,
Salvatore