CVE Vulnerabilities

CVE-2025-47807

NULL Pointer Dereference

Published: Aug 07, 2025 | Modified: Aug 12, 2025
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
5.6 MODERATE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Ubuntu
MEDIUM

In GStreamer through 1.26.1, the subparse plugins subrip_unescape_formatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Gstreamer Gstreamer_project * 1.26.2 (excluding)
Gst-plugins-base1.0 Ubuntu devel *
Gst-plugins-base1.0 Ubuntu jammy *
Gst-plugins-base1.0 Ubuntu noble *
Gst-plugins-base1.0 Ubuntu plucky *
Gst-plugins-base1.0 Ubuntu upstream *

Potential Mitigations

References