CVE-2025-8586

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-8586

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8586.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-8586

Downstream

UBUNTU-CVE-2025-8586

Published

2025-08-05T18:15:35.493Z

Modified

2026-04-10T05:37:21.413221Z

Severity

1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Summary

[none]

Details

A vulnerability, which was classified as problematic, was found in libav up to 12.3. This affects the function ffseekframe_binary of the file /libavformat/utils.c of the component MPEG File Parser. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer.

References

Affected packages

Git / github.com/libav/libav

Affected ranges

Type

GIT

Repo

https://github.com/libav/libav

Events

Introduced

Last affected

df744e3cf66548c9167ea857104a29d2ea92819e

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "12.3"
        }
    ]
}

Affected versions

dev14.*

dev14.2

v0.*

v0.7

v0.7b1

v0.7b2

v0.7rc1

v0.8

v0.8b1

v0.8b2

Other

v10_alpha1

v10_alpha2

v10_beta1

v11_alpha1

v11_alpha2

v11_beta1

v11_dev0

v12

v12_alpha1

v12_alpha2

v12_beta1

v12_dev0

v9_beta1

v9_beta2

v9_beta3

v12.*

v12.1

v12.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8586.json"