{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-8584", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-08-05T08:57:37.080Z", "datePublished": "2025-08-05T16:32:06.484Z", "dateUpdated": "2025-08-05T17:53:41.456Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-08-05T16:32:06.484Z"}, "title": "libav AVI File Parser buffer.c av_buffer_unref null pointer dereference", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-476", "lang": "en", "description": "NULL Pointer Dereference"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "Denial of Service"}]}], "affected": [{"vendor": "n/a", "product": "libav", "versions": [{"version": "12.0", "status": "affected"}, {"version": "12.1", "status": "affected"}, {"version": "12.2", "status": "affected"}, {"version": "12.3", "status": "affected"}], "modules": ["AVI File Parser"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in libav up to 12.3. Affected by this vulnerability is the function av_buffer_unref of the file libavutil/buffer.c of the component AVI File Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "de", "value": "In libav bis 12.3 wurde eine problematische Schwachstelle entdeckt. Betroffen ist die Funktion av_buffer_unref der Datei libavutil/buffer.c der Komponente AVI File Parser. Durch Manipulation mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-08-05T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-08-05T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-08-05T11:02:47.000Z", "lang": "en", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.318817", "name": "VDB-318817 | libav AVI File Parser buffer.c av_buffer_unref null pointer dereference", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.318817", "name": "VDB-318817 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.621824", "name": "Submit #621824 | libav avconv 13 && the newest master Segmentation fault", "tags": ["third-party-advisory"]}, {"url": "https://trac.ffmpeg.org/ticket/11679", "tags": ["issue-tracking"]}, {"url": "https://drive.google.com/file/d/1OwDNHuTbZFNTDX9afmvez_old3oRC7dM/view?usp=sharing", "tags": ["exploit"]}], "tags": ["unsupported-when-assigned"]}, "adp": [{"references": [{"url": "https://trac.ffmpeg.org/ticket/11679", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-05T17:53:17.495760Z", "id": "CVE-2025-8584", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-05T17:53:41.456Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8584", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-05T17:53:17.495760Z"}}}], "references": [{"url": "https://trac.ffmpeg.org/ticket/11679", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-05T17:53:26.194Z"}}], "cna": {"tags": ["unsupported-when-assigned"], "title": "libav AVI File Parser buffer.c av_buffer_unref null pointer dereference", "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "n/a", "modules": ["AVI File Parser"], "product": "libav", "versions": [{"status": "affected", "version": "12.0"}, {"status": "affected", "version": "12.1"}, {"status": "affected", "version": "12.2"}, {"status": "affected", "version": "12.3"}]}], "timeline": [{"lang": "en", "time": "2025-08-05T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-08-05T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-08-05T11:02:47.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.318817", "name": "VDB-318817 | libav AVI File Parser buffer.c av_buffer_unref null pointer dereference", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.318817", "name": "VDB-318817 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.621824", "name": "Submit #621824 | libav avconv 13 && the newest master Segmentation fault", "tags": ["third-party-advisory"]}, {"url": "https://trac.ffmpeg.org/ticket/11679", "tags": ["issue-tracking"]}, {"url": "https://drive.google.com/file/d/1OwDNHuTbZFNTDX9afmvez_old3oRC7dM/view?usp=sharing", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in libav up to 12.3. Affected by this vulnerability is the function av_buffer_unref of the file libavutil/buffer.c of the component AVI File Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "de", "value": "In libav bis 12.3 wurde eine problematische Schwachstelle entdeckt. Betroffen ist die Funktion av_buffer_unref der Datei libavutil/buffer.c der Komponente AVI File Parser. Durch Manipulation mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "NULL Pointer Dereference"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-404", "description": "Denial of Service"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-08-05T16:32:06.484Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8584", "state": "PUBLISHED", "dateUpdated": "2025-08-05T17:53:41.456Z", "dateReserved": "2025-08-05T08:57:37.080Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-08-05T16:32:06.484Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [{"sourceIdentifier": "cna@vuldb.com", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in libav up to 12.3. Affected by this vulnerability is the function av_buffer_unref of the file libavutil/buffer.c of the component AVI File Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer."}], "id": "CVE-2025-8584", "lastModified": "2025-08-05T21:06:25.813", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-08-05T17:15:30.083", "references": [{"source": "cna@vuldb.com", "url": "https://drive.google.com/file/d/1OwDNHuTbZFNTDX9afmvez_old3oRC7dM/view?usp=sharing"}, {"source": "cna@vuldb.com", "url": "https://trac.ffmpeg.org/ticket/11679"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.318817"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.318817"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.621824"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://trac.ffmpeg.org/ticket/11679"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}, {"lang": "en", "value": "CWE-476"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}