CVE-2025-25473 — NULL Pointer Dereference in Ffmpeg

CWE-476 — NULL Pointer Dereference6 documents5 sources

Severity

5.3MEDIUMNVD

OSV4.8

EPSS

0.1%

top 72.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Debian Ffmpeg

Timeline

PublishedFeb 18

Latest updateMay 28

Description

FFmpeg git master before commit c08d30 was discovered to contain a memory leak in the avformat_free_context function in libavutil/mem.c.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶debiandebian/ffmpeg< ffmpeg 7:8.0.1-2 (forky)

▶Debianffmpeg/ffmpeg< 7:7.1.3-0+deb13u1+1

▶Ubuntuffmpeg/ffmpeg< 7:2.8.17-0ubuntu0.1+esm10+4

🔴Vulnerability Details

OSV

ffmpeg vulnerabilities↗2025-05-28

▶

GHSA

GHSA-c92g-p5cr-cr59: FFmpeg git master before commit c08d30 was discovered to contain a NULL pointer dereference via the component libavformat/mov↗2025-02-19

▶

OSV

CVE-2025-25473: FFmpeg git master before commit c08d30 was discovered to contain a memory leak in the avformat_free_context function in libavutil/mem↗2025-02-18

▶

📋Vendor Advisories

Ubuntu

FFmpeg vulnerabilities↗2025-05-28

▶

Debian

CVE-2025-25473: ffmpeg - FFmpeg git master before commit c08d30 was discovered to contain a memory leak i...↗2025

▶