CVE-2025-57613

Source
https://cve.org/CVERecord?id=CVE-2025-57613
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-57613.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-57613
Published
2025-09-02T16:15:40.117Z
Modified
2026-04-10T05:32:35.114286Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) A null pointer dereference vulnerability in the input() constructor function allows an attacker to cause a denial of service. The vulnerability is triggered when the avioalloccontext() call fails and returns NULL, which is then stored and later dereferenced by the Io struct's Drop implementation.

References

Affected packages

Git / github.com/meh/rust-ffmpeg

Affected ranges

Type
GIT
Repo
https://github.com/meh/rust-ffmpeg
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.3.0"
        }
    ]
}

Affected versions

v0.*
v0.3.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-57613.json"