CNNVD-202508-354 Information

CNNVD ID

CNNVD-202508-354

Related CVE

CVE-2025-8584

• CNNVD Published: 2025-08-05

Description (Chinese)

Libav是Libav团队的一套跨平台的可对音频和视频进行录制、转换的解决方案，它包含了一个libavcodec编码器。 libav 12.3及之前版本存在安全漏洞，该漏洞源于组件AVI File Parser中文件libavutil/buffer.c的函数av_buffer_unref存在空指针取消引用。

Description (English)

Libav is a cross-platform solution for recording and converting audio and video that includes a libavcodec encoder. There is a security loophole in libav 12.3 and in the previous version, which is derived from the function of libavutil/buffer.c in component AVI File Parser, where av buffer unref has an empty pointer to remove references.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

Libav

Published

2025-08-05

Last Modified

2026-02-24

References

https://trac.ffmpeg.org/ticket/11679 https://vuldb.com/?submit.621824 https://vuldb.com/?id.318817 https://vuldb.com/?ctiid.318817 https://drive.google.com/file/d/1OwDNHuTbZFNTDX9afmvez_old3oRC7dM/view?usp=sharing https://access.redhat.com/security/cve/cve-2025-8584

Patch

https://trac.ffmpeg.org/ticket/11679