2346056 – (CVE-2025-1373) CVE-2025-1373 ffmpeg: FFmpeg MOV Parser mov.c mov_read_trak null pointer dereference

Bug 2346056 (CVE-2025-1373) - CVE-2025-1373 ffmpeg: FFmpeg MOV Parser mov.c mov_read_trak null pointer dereference

Summary: CVE-2025-1373 ffmpeg: FFmpeg MOV Parser mov.c mov_read_trak null pointer dere...

Keywords:
Status:	NEW
Alias:	CVE-2025-1373
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2346103
Blocks:
TreeView+	depends on / blocked

Reported:	2025-02-17 04:01 UTC by OSIDB Bzimport
Modified:	2025-03-07 20:59 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-02-17 04:01:10 UTC

A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The patch is identified as 43be8d07281caca2e88bfd8ee2333633e1fb1a13. It is recommended to apply a patch to fix this issue.

Comment 2 Dominik 'Rathann' Mierzejewski 2025-03-07 20:59:41 UTC

Upstream ticket: https://trac.ffmpeg.org/ticket/11460 .

The patch doesn't apply to 7.1 and older, because the code is different.

Note You need to log in before you can comment on or make changes to this bug.