CVE-2025-1373
- Source
- https://cve.org/CVERecord?id=CVE-2025-1373
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-1373.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-1373
- Downstream
- Related
- Published
- 2025-02-17T04:15:08.447Z
- Modified
- 2026-02-13T02:48:15.143646Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function movreadtrak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The patch is identified as 43be8d07281caca2e88bfd8ee2333633e1fb1a13. It is recommended to apply a patch to fix this issue.
- References
-
- https://ffmpeg.org/
- https://trac.ffmpeg.org/attachment/ticket/11460/poc
- https://trac.ffmpeg.org/ticket/11460
- https://vuldb.com/?ctiid.295982
- https://vuldb.com/?id.295982
- https://vuldb.com/?submit.496930
- https://trac.ffmpeg.org/ticket/11460
- https://vuldb.com/?ctiid.295982
- https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/43be8d07281caca2e88bfd8ee2333633e1fb1a13
- https://trac.ffmpeg.org/attachment/ticket/11460/poc
- https://trac.ffmpeg.org/ticket/11460
Affected packages
Git / git.ffmpeg.org/ffmpeg.git
Affected ranges
- Type
- GIT
- Repo
- https://git.ffmpeg.org/ffmpeg.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
N
n0.*
n0.11-dev
n0.12-dev
n0.8
n1.*
n1.1-dev
n1.2-dev
n1.3-dev
n2.*
n2.0
n2.1-dev
n2.2-dev
n2.3-dev
n2.4-dev
n2.5-dev
n2.6-dev
n2.7-dev
n2.8-dev
n2.9-dev
n3.*
n3.1-dev
n3.2-dev
n3.3-dev
n3.4-dev
n3.5-dev
n4.*
n4.1-dev
n4.2-dev
n4.3-dev
n4.4-dev
n4.5-dev
n5.*
n5.1-dev
n5.2-dev
n6.*
n6.1-dev
n6.2-dev
n7.*
n7.1-dev
n7.2-dev