NULL Pointer Dereference in FFmpeg Affects Multiple Versions
CVE-2025-25473

5.3MEDIUM

Key Information:

Vendor: FFmpeg
Status: FFmpeg
Vendor: CVE Published:; 18 February 2025

What is CVE-2025-25473?

A NULL pointer dereference vulnerability has been identified in FFmpeg git master versions prior to commit c08d30, specifically within the libavformat/mov.c component. This flaw could potentially lead to unexpected behavior or application crashes when processing certain media files. Users of affected FFmpeg versions should review their deployments and consider applying the latest updates to mitigate any risks associated with this issue.

References

https://git.ffmpeg.org/gitweb/ffmpeg.git/blobdiff/4f3c9f2...

https://trac.ffmpeg.org/ticket/11419

https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c08d30048...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 18, 2025
Vulnerability Reserved
Feb 7, 2025