CVE-2025-8584 | THREATINT

Description

A vulnerability classified as problematic was found in libav up to 12.3. Affected by this vulnerability is the function av_buffer_unref of the file libavutil/buffer.c of the component AVI File Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer.

In libav bis 12.3 wurde eine problematische Schwachstelle entdeckt. Betroffen ist die Funktion av_buffer_unref der Datei libavutil/buffer.c der Komponente AVI File Parser. Durch Manipulation mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Exploit steht zur öffentlichen Verfügung.

Reserved 2025-08-05 | Published 2025-08-05 | Updated 2025-08-05 | Assigner VulDB

MEDIUM: 4.8CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

LOW: 3.3CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

LOW: 3.3CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

1.7AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR

Problem types

NULL Pointer Dereference

Denial of Service

Timeline

2025-08-05:	Advisory disclosed
2025-08-05:	VulDB entry created
2025-08-05:	VulDB entry last update

References

vuldb.com/?id.318817 (VDB-318817 | libav AVI File Parser buffer.c av_buffer_unref null pointer dereference) vdb-entry technical-description

vuldb.com/?ctiid.318817 (VDB-318817 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.621824 (Submit #621824 | libav avconv 13 && the newest master Segmentation fault) third-party-advisory

trac.ffmpeg.org/ticket/11679 issue-tracking

drive.google.com/...FNTDX9afmvez_old3oRC7dM/view?usp=sharing exploit

cve.org (CVE-2025-8584)

nvd.nist.gov (CVE-2025-8584)

Download JSON