Primary

Context

rust-ffmpeg Null Pointer Dereference Vulnerability in name() Method Allowing Denial-of-Service

Vulnerability

A null pointer dereference vulnerability has been identified in rust-ffmpeg version 0.3.0 (after commit 5ac0527). The issue arises in the name() method, which fails to validate the return value from the av_get_sample_fmt_name() C function. This oversight allows an attacker to cause a denial-of-service condition by providing an unrecognized sample format, leading to a null pointer dereference.

Impact

Exploitation of this vulnerability causes a null pointer dereference, leading to a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by calling the name() method on a sample format that is not recognized, such as AV_SAMPLE_FMT_NONE. This will trigger the null pointer dereference, as the av_get_sample_fmt_name() function will return NULL for unrecognized formats.

Added: Sep 2, 2025, 4:31 PM

Updated: Sep 2, 2025, 8:25 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.7

remediation

0.0

relevance

0.5

threat

1.6

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.7

remediation

0.0

relevance

0.5

threat

1.6

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

rust-ffmpeg Null Pointer Dereference Vulnerability in name() Method Allowing Denial-of-Service

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating