CVE-2025-47807 — NULL Pointer Dereference in Gstreamer

CWE-476 — NULL Pointer Dereference8 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 92.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gstreamer Debian Gst-plugins-base1.0

Timeline

PublishedAug 7

Latest updateOct 20

Description

In GStreamer through 1.26.1, the subparse plugin's subrip_unescape_formatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDgstreamer/gstreamer< 1.26.2

▶debiandebian/gst-plugins-base1.0< gst-plugins-base1.0 1.22.0-3+deb12u5 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-rwxm-pxw4-qv8v: In GStreamer through 1↗2025-08-07

▶

OSV

CVE-2025-47807: In GStreamer through 1↗2025-08-07

▶

CVEList

CVE-2025-47807: In GStreamer through 1↗2025-08-07

▶

📋Vendor Advisories

Ubuntu

GStreamer Base Plugins vulnerabilities↗2025-10-20

▶

Ubuntu

GStreamer Base Plugins vulnerabilities↗2025-08-26

▶

Red Hat

gstreamer1-plugins-base: GStreamer Subparse NULL Pointer Dereference↗2025-08-07

▶

Debian

CVE-2025-47807: gst-plugins-base1.0 - In GStreamer through 1.26.1, the subparse plugin's subrip_unescape_formatting fu...↗2025

▶