CVE Details
Basic Information
| Title | libav AVI File Parser buffer.c av_buffer_unref null pointer dereference |
|---|---|
| Type | cve |
| Published | 2025-08-05T16:32:06.484Z |
| Modified | 2025-08-05T16:32:06.484Z |
Product Information
| Vendor | n/a |
|---|---|
| Product | libav |
| Version | 12.0 |
CVSS Information
| Base Score | 4.8 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A null pointer dereference vulnerability in libav up to version 12.3 affects the AVI File Parser. This issue requires local access to exploit and was disclosed to the wrong project initially. The vulnerability impacts products that are no longer supported. |
|---|---|
| AI Severity | Medium |
| AI Vendor | FFmpeg Project |
| AI Product | libav |
| AI Version | 12.0, 12.1, 12.2, 12.3 |
Affected Products
- n/a libav 12.0
- n/a libav 12.1
- n/a libav 12.2
- n/a libav 12.3
Additional Information
| CWE List | CWE-476, CWE-404 |
|---|---|
| Source | VulDB |
Description
A vulnerability classified as problematic was found in libav up to 12.3. Affected by this vulnerability is the function av_buffer_unref of the file libavutil/buffer.c of the component AVI File Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer.