Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

CVE-2025-25471: FFmpeg: MOV file parsing can cause program crash

CVE-2025-25471

Summary

A bug in FFmpeg's MOV file parser can cause the program to crash if it encounters a malformed file. This affects all versions of FFmpeg before a certain commit and can be exploited to make the program stop working. Update to the latest version to fix the issue.

Original title

FFmpeg git master before commit fd1772 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c.

Original description

FFmpeg git master before commit fd1772 was discovered to contain a NULL pointer dereference via the component libavformat/mov.c.

nvd CVSS3.1 4.3

Vulnerability type

CWE-476 NULL Pointer Dereference

https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/fd1772b7475d0d5673a5dd314ee78443...
https://trac.ffmpeg.org/ticket/11417

Published: 18 Feb 2025 · Updated: 15 Jun 2026 · First seen: 7 Mar 2026