Vulnerability Description
A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The patch is identified as 43be8d07281caca2e88bfd8ee2333633e1fb1a13. It is recommended to apply a patch to fix this issue.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ffmpeg | Ffmpeg | <= 7.1 |
Related Weaknesses (CWE)
References
- https://ffmpeg.org/Product
- https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/43be8d07281caca2e88bfd8ee2333633Patch
- https://trac.ffmpeg.org/attachment/ticket/11460/pocExploitVendor Advisory
- https://trac.ffmpeg.org/ticket/11460ExploitIssue TrackingVendor Advisory
- https://vuldb.com/?ctiid.295982Permissions RequiredVDB Entry
- https://vuldb.com/?id.295982Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.496930Third Party AdvisoryVDB Entry
FAQ
What is CVE-2025-1373?
CVE-2025-1373 is a vulnerability with a CVSS score of 3.3 (LOW). A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The man...
How severe is CVE-2025-1373?
CVE-2025-1373 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-1373?
Check the references section above for vendor advisories and patch information. Affected products include: Ffmpeg Ffmpeg.