libav DSS File Demuxer avconv.c main double free_CVE-2025-8585

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability, which was classified as critical, has been found in libav up to 12.3. Affected by this issue is the function main of the file /avtools/avconv.c of the component DSS File Demuxer. The manipulation leads to double free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer.

Basic Information

ID CVE-2025-8585

Source VulDB

Published Aug 5, 2025 at 17:02

Modified Aug 6, 2025 at 15:09

Affected Product

Vendor n/a

Product libav

Version 12.0

Affected Versions n/a libav 12.0
n/a libav 12.1
n/a libav 12.2
n/a libav 12.3

CWE Classification

CWE-415 CWE-119

References

{
    "lastseen": "",
    "description": "A vulnerability, which was classified as critical, has been found in libav up to 12.3. Affected by this issue is the function main of the file /avtools/avconv.c of the component DSS File Demuxer. The manipulation leads to double free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer.",
    "published": "2025-08-05T17:02:06.134Z",
    "modified": "2025-08-06T15:09:05.365Z",
    "type": "cve",
    "title": "libav DSS File Demuxer avconv.c main double free",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.318818\nhttps://vuldb.com/?ctiid.318818\nhttps://vuldb.com/?submit.621825\nhttps://trac.ffmpeg.org/ticket/11680\nhttps://drive.google.com/file/d/1I4VVXGys156UdeSTgya_GGxLZxwuxUPw/view?usp=sharing",
    "id": "CVE-2025-8585",
    "bulletinFamily": "",
    "cwe": [
        "CWE-415",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "n/a libav 12.0\nn/a libav 12.1\nn/a libav 12.2\nn/a libav 12.3",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "libav",
    "version": "12.0",
    "vendor": "n/a",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}