Vulnerability Details CVE-2025-57615
An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) An integer overflow vulnerability in the Vector::new constructor function allows an attacker to cause a denial of service via a null pointer dereference. The vulnerability stems from an unchecked cast of a usize parameter to c_int, which can result in a negative value being passed to the underlying C function sws_allocVec().
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.1%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2025-57615
-
cpe:2.3:a:meh.schizofreni:rust-ffmpeg:0.3.0