FFmpeg
cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*
- <= 7.1
A null pointer dereference vulnerability has been identified in FFmpeg versions prior to 7.1. The issue arises in the MOV parser component, specifically within the 'mov_read_trak' function in 'libavformat/mov.c'. This vulnerability requires local access to exploit.
Exploitation of this vulnerability leads to a null pointer dereference, which can cause a crash or undefined behavior in the application.
The vulnerability can be reproduced by using FFmpeg to process a crafted MOV file that triggers the null pointer dereference in the 'mov_read_trak' function, for example with the FFmpeg command-line tool, which uses the 'libavformat' library.
Users are advised to upgrade to FFmpeg version 7.1 or later, where this vulnerability has been fixed.
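A host-triage check for the upgrade advice above, added here as an example (not code from FFmpeg or from this advisory): it classifies the first line of `ffmpeg -version` against the fixed release 7.1. The function name `classify_ffmpeg_banner` and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare an FFmpeg banner with the fixed release (7.1)
# given in the advisory's remediation text.
FIXED_MAJOR=7
FIXED_MINOR=1

# classify_ffmpeg_banner "<first line of 'ffmpeg -version'>"  (hypothetical helper)
# Prints one word: affected | fixed | unknown
classify_ffmpeg_banner() {
    # The third field is the version token: 7.0.2, n7.1-2-g..., 4.4.2-0ubuntu...
    ver=$(printf '%s\n' "$1" | awk '$2 == "version" { print $3; exit }')
    ver=${ver#n}                      # git builds of a release tag start with "n"
    case "$ver" in
        [0-9]*.[0-9]*) ;;
        *) echo unknown; return 0 ;;  # e.g. N-<count>-g<hash> snapshots: no release number
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%[!0-9]*}            # drop patch level and distro suffix
    case "$major" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    [ -n "$minor" ] || { echo unknown; return 0; }
    if [ "$major" -gt "$FIXED_MAJOR" ] ||
       { [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -ge "$FIXED_MINOR" ]; }; then
        echo fixed
    else
        # Upstream number is below 7.1; a distributor may still have backported the fix.
        echo affected
    fi
}

# Constructed sample banners (not captured from real hosts).
for banner in \
    'ffmpeg version 7.0.2 Copyright (c) 2000-2024 the FFmpeg developers' \
    'ffmpeg version n7.1-2-gabcdef0 Copyright (c) 2000-2024 the FFmpeg developers' \
    'ffmpeg version 4.4.2-0ubuntu0.22.04.1 Copyright (c) 2000-2021 the FFmpeg developers' \
    'ffmpeg version N-112345-gabcdef0123 Copyright (c) 2000-2024 the FFmpeg developers'
do
    printf '%-9s %s\n' "$(classify_ffmpeg_banner "$banner")" "$banner"
done

# Classify the locally installed binary, if there is one.
if command -v ffmpeg >/dev/null 2>&1; then
    echo "local: $(classify_ffmpeg_banner "$(ffmpeg -version 2>/dev/null | head -n 1)")"
fi
```

The affected code is in 'libavformat', so applications that bundle their own copy of the library need to be checked separately from the `ffmpeg` binary.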