A vulnerability, which was classified as problematic, was found in libav up to 12.3. This affects the function ff_seek_frame_binary of the file /libavformat/utils.c of the component MPEG File Parser. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer.
References
Link | Resource |
---|---|
https://drive.google.com/file/d/1CX1GZUyJVzyDDGLVa8FG58XUt_30kHKT/view?usp=sharing | Exploit |
https://trac.ffmpeg.org/ticket/11681 | Exploit |
https://vuldb.com/?ctiid.318819 | Permissions Required VDB Entry |
https://vuldb.com/?id.318819 | Third Party Advisory VDB Entry |
https://vuldb.com/?submit.621826 | Third Party Advisory VDB Entry |
https://trac.ffmpeg.org/ticket/11681 | Exploit |
https://vuldb.com/?submit.621826 | Third Party Advisory VDB Entry |
Configurations
History
04 Sep 2025, 15:36
Type | Values Removed | Values Added |
---|---|---|
Summary | (es) Se encontró una vulnerabilidad clasificada como problemática en libav hasta la versión 12.3. Esta afecta a la función ff_seek_frame_binary del archivo /libavformat/utils.c del componente Analizador de Archivos MPEG. La manipulación provoca la desreferenciación de punteros nulos. Es posible lanzar el ataque contra el host local. Se ha hecho público el exploit y puede que sea utilizado. El investigador reportó inicialmente el error al proyecto equivocado. Esta vulnerabilidad solo afecta a los productos que ya no reciben soporte del fabricante. | |
First Time |
Libav libav
Libav |
|
CPE | cpe:2.3:a:libav:libav:*:*:*:*:*:*:*:* | |
References | () https://drive.google.com/file/d/1CX1GZUyJVzyDDGLVa8FG58XUt_30kHKT/view?usp=sharing - Exploit | |
References | () https://trac.ffmpeg.org/ticket/11681 - Exploit | |
References | () https://vuldb.com/?ctiid.318819 - Permissions Required, VDB Entry | |
References | () https://vuldb.com/?id.318819 - Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?submit.621826 - Third Party Advisory, VDB Entry |
06 Aug 2025, 15:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References | () https://trac.ffmpeg.org/ticket/11681 - | |
References | () https://vuldb.com/?submit.621826 - |
05 Aug 2025, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-08-05 18:15
Updated : 2025-09-04 15:36
NVD link : CVE-2025-8586
Mitre link : CVE-2025-8586
CVE.ORG link : CVE-2025-8586
JSON object : View
Products Affected
libav
- libav