Null Pointer Dereference in GStreamer’s Subparse Plugin
CVE-2025-47807

5.5MEDIUM

Key Information:

Vendor: GStreamer
Status: GStreamer
Vendor: CVE Published:; 7 August 2025

What is CVE-2025-47807?

A vulnerability exists in GStreamer’s subparse plugin where the subrip_unescape_formatting function may dereference a NULL pointer while attempting to parse certain subtitle files. This flaw can lead to unexpected application crashes, thereby potentially disrupting services that rely on the GStreamer framework for multimedia processing. It is crucial for users and administrators to apply the latest patches and updates to safeguard against such issues.

References

https://gstreamer.freedesktop.org/security/

https://github.com/atredispartners/advisories/blob/master...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 7, 2025
Vulnerability Reserved
May 10, 2025