CVE-2025-8585 – A critical double-free vulnerability in libav's... (How to Fix)

Q: What is the severity of CVE-2025-8585?

CVE-2025-8585 has a CVSS score of 5.3 (MEDIUM). A critical double-free vulnerability in libav's DSS File Demuxer component allows local attackers to potentially execute arbitrary code or cause denial of service. This affects libav versions up to 12.3, but only impacts products that are no longer supported by maintainers.

📋 TL;DR

A critical double-free vulnerability in libav's DSS File Demuxer component allows local attackers to potentially execute arbitrary code or cause denial of service. This affects libav versions up to 12.3, but only impacts products that are no longer supported by maintainers.

💻 Affected Systems

Products:

libav

Versions: up to 12.3

Operating Systems: All platforms running affected libav versions

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects products using libav's DSS File Demuxer component that are no longer supported

📦 What is this software?

Libav by Libav

View all CVEs affecting Libav →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation leading to full system compromise via arbitrary code execution

🟠

Likely Case

Application crash causing denial of service for the affected process

🟢

If Mitigated

Limited impact due to local-only attack vector and unsupported software status

🌐 Internet-Facing: LOW - Requires local access for exploitation

🏢 Internal Only: MEDIUM - Local users could exploit this on affected systems

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploit requires local access and manipulation of DSS files through avconv tool

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: N/A

Restart Required: No

Instructions:

No official patch available as libav is no longer maintained. Migrate to FFmpeg or alternative supported media libraries.

🔧 Temporary Workarounds

Disable DSS File Demuxer

all

Remove or disable the vulnerable DSS file format support

Recompile libav without DSS demuxer support

Restrict avconv usage

Linux/Unix

Limit execution of avconv tool to trusted users only

chmod 750 /usr/bin/avconv
setfacl -m u:trusteduser:rx /usr/bin/avconv

🧯 If You Can't Patch

Migrate to FFmpeg or other actively maintained media processing libraries
Implement strict access controls to limit who can execute avconv on affected systems

🔍 How to Verify

Check if Vulnerable:

Check libav version: avconv -version | grep 'libav version'

Check Version:

avconv -version | grep 'libav version'

Verify Fix Applied:

Verify migration to FFmpeg or removal of vulnerable libav installation

📡 Detection & Monitoring

Log Indicators:

Segmentation fault or crash logs from avconv process
Unusual avconv execution patterns

Network Indicators:

N/A - local-only vulnerability

SIEM Query:

Process:avconv AND (EventID:1000 OR Signal:SIGSEGV)

📊 Metadata

CVE ID: CVE-2025-8585

CVSS v3 Score: 5.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-119

EPSS Score: 0.03% exploit probability (8.7th percentile)

Published: August 5, 2025

Last Updated: September 4, 2025

🔗 References

https://drive.google.com/file/d/1I4VVXGys156UdeSTgya_GGxLZxwuxUPw/view?usp=sharing Exploit
https://trac.ffmpeg.org/ticket/11680 Exploit
https://vuldb.com/?ctiid.318818 Permissions Required,VDB Entry
https://vuldb.com/?id.318818 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.621825 Third Party Advisory,VDB Entry
https://trac.ffmpeg.org/ticket/11680 Exploit
https://vuldb.com/?submit.621825 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-8585, you might also want to check these: