CVE-2025-25473 Affecting ffmpeg package, versions *
Threat Intelligence
Exploit Maturity
Exploit maturity not defined.
Not Defined
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-DEBIAN13-FFMPEG-8738018
- published20 Feb 2025
- disclosed18 Feb 2025
Introduced: 18 Feb 2025
NewCVE-2025-25473 (opens in a new tab)Common Vulnerabilities and Exposures (CVE) are common identifiers for publicly known security vulnerabilities
How to fix?
There is no fixed version for Debian:13 ffmpeg.
NVD Description
Note: Versions mentioned in the description apply only to the upstream ffmpeg package and not the ffmpeg package as distributed by Debian.
See How to fix? for Debian:13 relevant fixed versions and status.
FFmpeg git master before commit c08d30 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c.
References
- https://security-tracker.debian.org/tracker/CVE-2025-25473
- https://git.ffmpeg.org/gitweb/ffmpeg.git/blobdiff/4f3c9f2f03378a08692a26532bc3146414717f8c..c08d300481b8ebb846cd43a473988fdbc6793d1b:/libavformat/avformat.c
- https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c08d300481b8ebb846cd43a473988fdbc6793d1b
- https://trac.ffmpeg.org/ticket/11419