CVE-2025-8586 | THREATINT

Description

A vulnerability, which was classified as problematic, was found in libav up to 12.3. This affects the function ff_seek_frame_binary of the file /libavformat/utils.c of the component MPEG File Parser. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer.

Es wurde eine problematische Schwachstelle in libav bis 12.3 gefunden. Betroffen hiervon ist die Funktion ff_seek_frame_binary der Datei /libavformat/utils.c der Komponente MPEG File Parser. Mittels Manipulieren mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Der Exploit steht zur öffentlichen Verfügung.

Reserved 2025-08-05 | Published 2025-08-05 | Updated 2025-08-05 | Assigner VulDB

MEDIUM: 4.8CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

LOW: 3.3CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

LOW: 3.3CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

1.7AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR

Problem types

NULL Pointer Dereference

Denial of Service

Timeline

2025-08-05:	Advisory disclosed
2025-08-05:	VulDB entry created
2025-08-05:	VulDB entry last update

References

vuldb.com/?id.318819 (VDB-318819 | libav MPEG File Parser utils.c ff_seek_frame_binary null pointer dereference) vdb-entry technical-description

vuldb.com/?ctiid.318819 (VDB-318819 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.621826 (Submit #621826 | libav avconv 13 && the newest master Segmentation fault) third-party-advisory

trac.ffmpeg.org/ticket/11681 issue-tracking

drive.google.com/...zyDDGLVa8FG58XUt_30kHKT/view?usp=sharing exploit

cve.org (CVE-2025-8586)

nvd.nist.gov (CVE-2025-8586)

Download JSON