CVE-2025-8584

A vulnerability classified as problematic was found in libav up to 12.3. Affected by this vulnerability is the function av_buffer_unref of the file libavutil/buffer.c of the component AVI File Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
VulDBCNA
3.3 LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
VendorProductVersion
libavlibav
𝑥
≤ 12.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libav
questing
dne
plucky
dne
noble
dne
jammy
dne
trusty
needed
ffmpeg
questing
not-affected
plucky
not-affected
noble
not-affected
jammy
not-affected
focal
not-affected
bionic
not-affected
xenial
not-affected
Common Weakness Enumeration
References
https://drive.google.com/file/d/1OwDNHuTbZFNTDX9afmvez_old3oRC7dM/view?usp=sharing
https://trac.ffmpeg.org/ticket/11679
https://vuldb.com/?ctiid.318817
https://vuldb.com/?id.318817
https://vuldb.com/?submit.621824
https://trac.ffmpeg.org/ticket/11679