Bug 2346409 (CVE-2025-25471) - CVE-2025-25471 ffmpeg: NULL Pointer Dereference in FFmpeg's MOV Parser
Summary: CVE-2025-25471 ffmpeg: NULL Pointer Dereference in FFmpeg's MOV Parser
Keywords:
Status: NEW
Alias: CVE-2025-25471
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2346544 2346545 2346546 2346547 2346548 2346549 2346550 2346551
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-02-18 23:01 UTC by OSIDB Bzimport
Modified: 2025-03-07 23:59 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-02-18 23:01:33 UTC 
FFmpeg git master before commit fd1772 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c.
Comment 2 Dominik 'Rathann' Mierzejewski 2025-03-07 23:59:41 UTC 
https://trac.ffmpeg.org/ticket/11417 . I can't reproduce this with 7.1.1 or 6.1.2.
Note You need to log in before you can comment on or make changes to this bug.