CVE-2025-1373: 
Ffmpeg vulnerability analysis and mitigation

A vulnerability was found in FFmpeg up to version 7.1, identified as CVE-2025-1373. The issue affects the movreadtrak function in libavformat/mov.c component of the MOV Parser. The vulnerability was discovered on February 16, 2025, and leads to a null pointer dereference condition. The issue requires local access to exploit (NVD).

The vulnerability manifests as a null pointer dereference in the movreadtrak function within the MOV Parser component. The issue occurs when the function attempts to dereference ttsdata without properly checking ttscount first. The vulnerability has been assigned a CVSS v4.0 score of 4.8 (MEDIUM) with the vector string CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N (NVD).

The vulnerability can lead to a null pointer dereference condition which typically results in application crashes. The impact is primarily limited to availability, with no direct impact on confidentiality or integrity of the system (NVD).

A patch has been released and identified by commit 43be8d07281caca2e88bfd8ee2333633e1fb1a13. The fix involves adding proper validation to check for ttscount before dereferencing ttsdata. Users are recommended to update to the patched version of FFmpeg (FFmpeg Commit).