Null Pointer Dereference in rust-ffmpeg Product by Rust Language
CVE-2025-57612

7.5HIGH

Key Information:

Vendor: Rust Language
Status: rust-ffmpeg
Vendor: CVE Published:; 2 September 2025

🔔 Create Rust Language Vulnerability Alert

What is CVE-2025-57612?

A vulnerability has been identified in rust-ffmpeg version 0.3.0, specifically within the name() method. This issue arises from the method's failure to properly validate the return value of the av_get_sample_fmt_name() C function. An attacker can exploit this oversight by inputting an unrecognized sample format, which leads to a denial of service. The consequence is that the application may crash due to the unhandled NULL pointer, compromising the stability of services relying on this library.

References

https://github.com/meh/rust-ffmpeg/issues/192

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 2, 2025
Vulnerability Reserved
Aug 17, 2025

CVE-2025-57612 Data

JSON