CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-25473: FFmpeg git master before commit c08d30 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c.

Description

FFmpeg git master before commit c08d30 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c.

Classification

CVE ID: CVE-2025-25473

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 11.33% (scored less or equal to compared to others)

EPSS Date: 2025-03-19 (when was this score calculated)

References

https://git.ffmpeg.org/gitweb/ffmpeg.git/blobdiff/4f3c9f2f03378a08692a26532bc3146414717f8c..c08d300481b8ebb846cd43a473988fdbc6793d1b:/libavformat/avformat.c
https://trac.ffmpeg.org/ticket/11419
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c08d300481b8ebb846cd43a473988fdbc6793d1b

Timeline