CVE-2025-47807 – A NULL pointer dereference vulnerability in GSt... (How to Fix)

Q: What is the severity of CVE-2025-47807?

CVE-2025-47807 has a CVSS score of 5.5 (MEDIUM). A NULL pointer dereference vulnerability in GStreamer's subparse plugin allows attackers to cause denial of service by crashing applications that process malicious subtitle files. This affects any application using GStreamer 1.26.1 or earlier to parse subtitle files. The vulnerability is triggered when processing specially crafted subtitle content.

📋 TL;DR

A NULL pointer dereference vulnerability in GStreamer's subparse plugin allows attackers to cause denial of service by crashing applications that process malicious subtitle files. This affects any application using GStreamer 1.26.1 or earlier to parse subtitle files. The vulnerability is triggered when processing specially crafted subtitle content.

💻 Affected Systems

Products:

GStreamer
Applications using GStreamer for subtitle parsing

Versions: GStreamer through version 1.26.1

Operating Systems: Linux, Windows, macOS, BSD systems with GStreamer

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerable when subtitle parsing is enabled and processing subtitle files. Many media players and video processing tools use GStreamer.

📦 What is this software?

Gstreamer by Gstreamer Project

View all CVEs affecting Gstreamer →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Application crash leading to denial of service for media processing applications, potentially disrupting media playback or processing services.

🟠

Likely Case

Application crash when processing malicious subtitle files, requiring restart of affected media applications.

🟢

If Mitigated

No impact if subtitle parsing is disabled or if applications don't process untrusted subtitle files.

🌐 Internet-Facing: MEDIUM - Applications processing user-uploaded subtitle files could be targeted to cause service disruption.

🏢 Internal Only: LOW - Requires processing of malicious subtitle files, which is less likely in controlled internal environments.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires attacker to supply malicious subtitle file to vulnerable application. No authentication bypass needed if application accepts subtitle files.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: GStreamer 1.26.2 or later

Vendor Advisory: https://gstreamer.freedesktop.org/security/

Restart Required: No

Instructions:

1. Check current GStreamer version. 2. Update to GStreamer 1.26.2 or later using your distribution's package manager. 3. For source installations, download and compile latest version from gstreamer.freedesktop.org.

🔧 Temporary Workarounds

Disable subparse plugin

Linux

Remove or disable the vulnerable subparse plugin to prevent subtitle parsing

gst-inspect-1.0 --plugin-filters=name=subparse
sudo rm /usr/lib/gstreamer-1.0/libgstsubparse.so

🧯 If You Can't Patch

Implement input validation for subtitle files before processing
Run GStreamer applications in sandboxed/containerized environments

🔍 How to Verify

Check if Vulnerable:

Check GStreamer version: gst-inspect-1.0 --version | grep 'GStreamer'

Check Version:

gst-inspect-1.0 --version

Verify Fix Applied:

Verify version is 1.26.2 or later: gst-inspect-1.0 --version

📡 Detection & Monitoring

Log Indicators:

Application crashes with segmentation fault when processing subtitle files
GStreamer error logs mentioning subparse or subtitle parsing failures

Network Indicators:

Unusual subtitle file downloads to media processing servers

SIEM Query:

source="application.log" AND ("segmentation fault" OR "NULL pointer") AND ("gstreamer" OR "subtitle")

📊 Metadata

CVE ID: CVE-2025-47807

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE: CWE-476

EPSS Score: 0.02% exploit probability (5.9th percentile)

Published: August 7, 2025

Last Updated: August 12, 2025

🔗 References

https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md Exploit,Third Party Advisory
https://gstreamer.freedesktop.org/security/ Vendor Advisory
https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-47807, you might also want to check these: