CVE-2025-8585
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-05

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability, which was classified as critical, has been found in libav up to 12.3. Affected by this issue is the function main of the file /avtools/avconv.c of the component DSS File Demuxer. The manipulation leads to double free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-05
Last Modified
2026-04-29
Generated
2026-05-06
AI Q&A
2025-08-05
EPSS Evaluated
2026-05-05
NVD
CVE-2025-8585
EUVD
EUVD-2025-23642
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
libav libav to 12.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-415 The product calls free() twice on the same memory address.
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-8585 is a critical double-free memory corruption vulnerability in the DSS File Demuxer component of libav's avconv tool. It occurs when processing malformed DSS files, causing the program to free the same memory twice during cleanup, leading to heap corruption and program crash. This flaw arises from improper memory management in the function handling DSS files, specifically in dss_read_close(), resulting in an invalid free operation and abort. [1, 2]


How can this vulnerability impact me? :

This vulnerability can cause the affected program to crash due to heap corruption, potentially leading to denial of service. Since it involves memory corruption, it may also allow an attacker with local access to manipulate program behavior, impacting confidentiality, integrity, and availability of the system running the vulnerable libav versions. Exploitation requires local access and is considered easy, with proof-of-concept exploits publicly available. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by attempting to reproduce the crash using a malformed DSS file with the avconv tool from libav. Running avconv with a crafted malformed DSS file triggers a double free error, causing the program to abort with messages like 'free(): invalid pointer' and a core dump. Using debugging tools such as GDB to trace the crash can confirm the issue. Example command to test: `avconv -i malformed.dss -f null -` where 'malformed.dss' is a specially crafted DSS file that triggers the vulnerability. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include avoiding the use of affected libav versions (up to 12.3) and replacing them with alternative software, as no known countermeasures or patches exist for this vulnerability. Since the vulnerability requires local access to exploit, restricting local user permissions and access to the avconv tool can reduce risk. Additionally, do not process untrusted or malformed DSS files with the vulnerable versions of libav. [2]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart