Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-s89e-x3gb-n3cg

Summary A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function mov_read_trak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The patch is identified as 43be8d07281caca2e88bfd8ee2333633e1fb1a13. It is recommended to apply a patch to fix this issue.

Aliases

alias	CVE-2025-1373

Fixed_packages

url	pkg:apk/alpine/ffmpeg@8.0-r0?arch=armv7&distroversion=edge&reponame=community
purl	pkg:apk/alpine/ffmpeg@8.0-r0?arch=armv7&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=armv7&distroversion=edge&reponame=community

url	pkg:apk/alpine/ffmpeg@8.0-r0?arch=loongarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/ffmpeg@8.0-r0?arch=loongarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=loongarch64&distroversion=edge&reponame=community

url	pkg:apk/alpine/ffmpeg@8.0-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/ffmpeg@8.0-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=x86&distroversion=edge&reponame=community

url	pkg:apk/alpine/ffmpeg@8.0-r0?arch=x86&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/ffmpeg@8.0-r0?arch=x86&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=x86&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/ffmpeg@8.0-r0?arch=aarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/ffmpeg@8.0-r0?arch=aarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=aarch64&distroversion=edge&reponame=community

url	pkg:apk/alpine/ffmpeg@8.0-r0?arch=armhf&distroversion=edge&reponame=community
purl	pkg:apk/alpine/ffmpeg@8.0-r0?arch=armhf&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=armhf&distroversion=edge&reponame=community

url	pkg:apk/alpine/ffmpeg@8.0-r0?arch=aarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/ffmpeg@8.0-r0?arch=aarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=aarch64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/ffmpeg@8.0-r0?arch=armhf&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/ffmpeg@8.0-r0?arch=armhf&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=armhf&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/ffmpeg@8.0-r0?arch=armv7&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/ffmpeg@8.0-r0?arch=armv7&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=armv7&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/ffmpeg@8.0-r0?arch=ppc64le&distroversion=edge&reponame=community
purl	pkg:apk/alpine/ffmpeg@8.0-r0?arch=ppc64le&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=ppc64le&distroversion=edge&reponame=community

url	pkg:apk/alpine/ffmpeg@8.0-r0?arch=s390x&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/ffmpeg@8.0-r0?arch=s390x&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=s390x&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/ffmpeg@8.0-r0?arch=x86_64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/ffmpeg@8.0-r0?arch=x86_64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=x86_64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=riscv64&distroversion=edge&reponame=community

url	pkg:apk/alpine/ffmpeg@8.0-r0?arch=s390x&distroversion=edge&reponame=community
purl	pkg:apk/alpine/ffmpeg@8.0-r0?arch=s390x&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=s390x&distroversion=edge&reponame=community

url	pkg:apk/alpine/ffmpeg@8.0-r0?arch=x86_64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/ffmpeg@8.0-r0?arch=x86_64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=x86_64&distroversion=edge&reponame=community

url	pkg:apk/alpine/ffmpeg@8.0-r0?arch=loongarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/ffmpeg@8.0-r0?arch=loongarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/ffmpeg@8.0-r0?arch=ppc64le&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/ffmpeg@8.0-r0?arch=ppc64le&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/ffmpeg@8.0-r0?arch=riscv64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@8.0-r0%3Farch=riscv64&distroversion=v3.23&reponame=community

url	pkg:deb/debian/ffmpeg@0?distro=trixie
purl	pkg:deb/debian/ffmpeg@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@0%3Fdistro=trixie

url pkg:deb/debian/ffmpeg@7:4.3.7-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/ffmpeg@7:4.3.7-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ujjc-ays1-gfc2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:4.3.7-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/ffmpeg@7:5.1.8-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

vulnerability	VCID-e9kf-tzg8-9bht

vulnerability	VCID-grh1-jxmf-dqdv

vulnerability	VCID-mun9-fyvn-8kfs

vulnerability	VCID-ns98-tu4j-sfd5

vulnerability	VCID-uakc-kpg5-2ug5

vulnerability	VCID-wrb6-w8ps-uuge

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:5.1.8-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/ffmpeg@7:7.1.3-0%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qje-t52h-fyfk

vulnerability	VCID-352p-mxyy-k3bu

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:7.1.3-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/ffmpeg@7:8.1-3?distro=trixie
purl	pkg:deb/debian/ffmpeg@7:8.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ffmpeg@7:8.1-3%3Fdistro=trixie

Affected_packages

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-1373

reference_id

reference_type

scores

value	0.00029
scoring_system	epss
scoring_elements	0.08355
published_at	2026-04-04T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08302
published_at	2026-04-02T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08281
published_at	2026-04-29T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08315
published_at	2026-04-26T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08217
published_at	2026-04-18T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.0823
published_at	2026-04-16T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08334
published_at	2026-04-13T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08351
published_at	2026-04-24T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.0837
published_at	2026-04-11T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08378
published_at	2026-04-21T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08361
published_at	2026-04-08T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08298
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-1373

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://trac.ffmpeg.org/ticket/11460

reference_id

11460

reference_type

scores

value	1.7
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:N/I:N/A:P

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:53:16Z/

url

https://trac.ffmpeg.org/ticket/11460

reference_url

https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/43be8d07281caca2e88bfd8ee2333633e1fb1a13

reference_id

43be8d07281caca2e88bfd8ee2333633e1fb1a13

reference_type

scores

value	1.7
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:N/I:N/A:P

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:53:16Z/

url

https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/43be8d07281caca2e88bfd8ee2333633e1fb1a13

reference_url

https://vuldb.com/?ctiid.295982

reference_id

?ctiid.295982

reference_type

scores

value	1.7
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:N/I:N/A:P

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:53:16Z/

url

https://vuldb.com/?ctiid.295982

reference_url

https://ffmpeg.org/

reference_id

ffmpeg.org

reference_type

scores

value	1.7
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:N/I:N/A:P

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:53:16Z/

url

https://ffmpeg.org/

reference_url

https://vuldb.com/?id.295982

reference_id

?id.295982

reference_type

scores

value	1.7
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:N/I:N/A:P

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:53:16Z/

url

https://vuldb.com/?id.295982

reference_url

https://trac.ffmpeg.org/attachment/ticket/11460/poc

reference_id

poc

reference_type

scores

value	1.7
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:N/I:N/A:P

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:53:16Z/

url

https://trac.ffmpeg.org/attachment/ticket/11460/poc

reference_url

https://vuldb.com/?submit.496930

reference_id

?submit.496930

reference_type

scores

value	1.7
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:N/I:N/A:P

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T15:53:16Z/

url

https://vuldb.com/?submit.496930

Weaknesses

cwe_id	404
name	Improper Resource Shutdown or Release
description	The product does not release or incorrectly releases a resource before it is made available for re-use.

cwe_id	476
name	NULL Pointer Dereference
description	A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Exploits

Severity_range_score 1.7 - 4.8

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s89e-x3gb-n3cg

Vulnerability Instance