CVE-2025-25473 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
mitre	CNA	---				---
CISA-ADP	ADP	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 16%

Ubuntu Releases

Ubuntu Product

Codename

ffmpeg

plucky	Fixed 7:7.1.1-1ubuntu1.1 released
oracular	Fixed 7:7.0.2-3ubuntu1.1 released
noble	Fixed 7:6.1.1-3ubuntu5+esm3 released
jammy	Fixed 7:4.4.2-0ubuntu0.22.04.1+esm7 released
focal	Fixed 7:4.2.7-0ubuntu0.1+esm8 released
bionic	Fixed 7:3.4.11-0ubuntu0.1+esm8 released
xenial	Fixed 7:2.8.17-0ubuntu0.1+esm10 released

libav

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	dne
trusty	needs-triage

Common Weakness Enumeration

CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

References

https://git.ffmpeg.org/gitweb/ffmpeg.git/blobdiff/4f3c9f2f03378a08692a26532bc3146414717f8c..c08d300481b8ebb846cd43a473988fdbc6793d1b:/libavformat/avformat.c

https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c08d300481b8ebb846cd43a473988fdbc6793d1b

https://trac.ffmpeg.org/ticket/11419