Libav AVI File Parser Null Pointer Dereference Vulnerability

Vulnerability

A null pointer dereference vulnerability has been identified in Libav versions through 12.3, specifically within the AVI file parser component. The issue arises in the 'av_buffer_unref' function of 'libavutil/buffer.c', where a NULL function pointer is called during buffer management, leading to a segmentation fault. This vulnerability requires local access to exploit and affects unsupported versions of Libav.
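The failure mode described above, as an added example (not Libav's code and not part of this advisory): a simplified ref-counted buffer in C whose unref path checks the free callback before calling it. The `RefBuf` type and the `refbuf_*` names are hypothetical, and the NULL callback set in `main` is a constructed bad state for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
/* Simplified model of a ref-counted buffer; names are hypothetical, not Libav's. */
typedef void (*free_fn)(void *opaque, unsigned char *data);
typedef struct RefBuf {
    unsigned char *data;
    int refcount;
    free_fn free_cb;                 /* invoked when the last reference is dropped */
    void *opaque;
} RefBuf;

static void default_free(void *opaque, unsigned char *data) { (void)opaque; free(data); }

/* Constructor never stores a NULL callback: it falls back to a default. */
RefBuf *refbuf_create(size_t size, free_fn cb, void *opaque) {
    RefBuf *b = calloc(1, sizeof(*b));
    if (!b) return NULL;
    b->data = malloc(size);
    if (!b->data) { free(b); return NULL; }
    b->refcount = 1;
    b->free_cb = cb ? cb : default_free;
    b->opaque = opaque;
    return b;
}

/* Returns 1 if released, 0 if still referenced, -1 on invalid state.
 * An unguarded b->free_cb(...) here would be an indirect call through address 0. */
int refbuf_unref(RefBuf **pb) {
    if (!pb || !*pb) return -1;
    RefBuf *b = *pb;
    *pb = NULL;                      /* caller's handle is always cleared */
    if (--b->refcount > 0) return 0;
    if (!b->free_cb) {               /* corrupted or half-initialised buffer */
        free(b);                     /* data is leaked on purpose: owner unknown */
        return -1;
    }
    b->free_cb(b->opaque, b->data);
    free(b);
    return 1;
}

int main(void) {
    RefBuf *ok = refbuf_create(16, NULL, NULL), *bad = refbuf_create(16, NULL, NULL);
    if (!ok || !bad) return 1;
    unsigned char *d = bad->data;
    bad->free_cb = NULL;             /* constructed bad state for the demo */
    printf("ok=%d bad=%d\n", refbuf_unref(&ok), refbuf_unref(&bad));
    free(d);
}
```

The guarded path turns the crash into an error return that the caller can log and handle; it does not fix whatever left the callback unset in the first place.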

Impact

Exploitation of this vulnerability causes a segmentation fault, leading to a crash of the application.

Reproduction

The vulnerability can be reproduced using 'avconv' to process a malformed AVI file encoded with the CFHD codec. This can be done by specifying the file as input and directing the output to 'null', which will trigger the null pointer dereference and cause a segmentation fault.

Added: Aug 5, 2025, 5:20 PM
Updated: Aug 5, 2025, 6:49 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.