Primary

Context

rust-ffmpeg Null Pointer Dereference Vulnerability in the dump() Method Allowing Denial-of-Service

Vulnerability

A null pointer dereference vulnerability has been identified in rust-ffmpeg version 0.3.0 (after commit 5ac0527). The issue arises in the dump() method, which fails to validate the return value of avfilter_graph_dump() for NULL. This oversight can lead to a denial-of-service condition, as the method may crash if the memory allocation for avfilter_graph_dump() fails.

Impact

Exploitation of this vulnerability causes a null pointer dereference, leading to a crash and creating a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by calling the dump() method on a SwsContextWrapper object after avfilter_graph_dump() has been modified to return NULL (simulating a memory allocation failure).

Remediation

No specific remediation is available, but the issue can be addressed by checking for NULL return values before using pointers in the affected methods.

Added: Sep 2, 2025, 4:35 PM

Updated: Sep 2, 2025, 8:26 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.7

remediation

0.0

relevance

0.4

threat

1.6

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.7

remediation

0.0

relevance

0.4

threat

1.6

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

rust-ffmpeg Null Pointer Dereference Vulnerability in the dump() Method Allowing Denial-of-Service

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating