CVE-2025-47808 — NULL Pointer Dereference in Gstreamer

CWE-476 — NULL Pointer Dereference8 documents7 sources

Severity

5.6MEDIUMNVD

EPSS

0.1%

top 73.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gstreamer Debian Gst-plugins-base1.0

Timeline

PublishedAug 7

Latest updateOct 20

Description

In GStreamer through 1.26.1, the subparse plugin's tmplayer_parse_line function may dereference a NULL pointer while parsing a subtitle file, leading to a crash.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 2.2 | Impact: 3.4

Affected Packages2 packages

▶NVDgstreamer/gstreamer< 1.26.2

▶debiandebian/gst-plugins-base1.0< gst-plugins-base1.0 1.22.0-3+deb12u5 (bookworm)

🔴Vulnerability Details

OSV

CVE-2025-47808: In GStreamer through 1↗2025-08-07

▶

GHSA

GHSA-qpmm-4hhq-c2qc: In GStreamer through 1↗2025-08-07

▶

CVEList

CVE-2025-47808: In GStreamer through 1↗2025-08-07

▶

📋Vendor Advisories

Ubuntu

GStreamer Base Plugins vulnerabilities↗2025-10-20

▶

Ubuntu

GStreamer Base Plugins vulnerabilities↗2025-08-26

▶

Red Hat

gstreamer1-plugins-base: GStreamer Subparse NULL Pointer Dereference↗2025-08-07

▶

Debian

CVE-2025-47808: gst-plugins-base1.0 - In GStreamer through 1.26.1, the subparse plugin's tmplayer_parse_line function ...↗2025

▶