CVE-2025-47807 – GStreamer Subparse NULL Pointer Dereference Vulnerability

August 7, 2025

CVE ID : CVE-2025-47807

Published : Aug. 7, 2025, 8:15 p.m. | 4 hours, 34 minutes ago

Description : In GStreamer through 1.26.1, the subparse plugin’s subrip_unescape_formatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-47808 – GStreamer Subparse NULL Pointer Dereference Vulnerability

Next Article CVE-2025-47806 – GStreamer Subparse Buffer Overflow

Highlights

CVE-2025-38174 – “Thunderbolt: Double Dequeue Vulnerability”

July 4, 2025

CVE ID : CVE-2025-38174

Published : July 4, 2025, 11:15 a.m. | 37 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

thunderbolt: Do not double dequeue a configuration request

Some of our devices crash in tb_cfg_request_dequeue():

general protection fault, probably for non-canonical address 0xdead000000000122

CPU: 6 PID: 91007 Comm: kworker/6:2 Tainted: G U W 6.6.65
RIP: 0010:tb_cfg_request_dequeue+0x2d/0xa0
Call Trace:

? tb_cfg_request_dequeue+0x2d/0xa0
tb_cfg_request_work+0x33/0x80
worker_thread+0x386/0x8f0
kthread+0xed/0x110
ret_from_fork+0x38/0x50
ret_from_fork_asm+0x1b/0x30

The circumstances are unclear, however, the theory is that
tb_cfg_request_work() can be scheduled twice for a request:
first time via frame.callback from ring_work() and second
time from tb_cfg_request(). Both times kworkers will execute
tb_cfg_request_dequeue(), which results in double list_del()
from the ctl->request_queue (the list poison deference hints
at it: 0xdead000000000122).

Do not dequeue requests that don’t have TB_CFG_REQUEST_ACTIVE
bit set.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

GitHub’s CEO Thomas Dohmke steps down, triggering tighter integration of company within Microsoft

bitHuman launches SDK for creating AI avatars

Designing With AI, Not Around It: Practical Advanced Techniques For Product Design Use Cases

Why Companies Are Investing in AI-Powered React.js Development Services in 2025

I found a Google Maps alternative that won’t track you or drain your battery – and it’s free

I tested this new AI podcast tool to see if it can beat NotebookLM – here’s how it did

Microsoft’s new update makes your taskbar a productivity hub – here’s how

Save $50 on the OnePlus Pad 3 plus get a free gift – here’s the deal

Laravel Global Scopes: Automatic Query Filtering

Laravel Global Scopes: Automatic Query Filtering

Building MCP Servers in PHP

Filament v4 is Stable!

I Asked OpenAI’s New Open-Source AI Model to Complete a Children’s School Test — Is It Smarter Than a 10-Year-Old?

I Asked OpenAI’s New Open-Source AI Model to Complete a Children’s School Test — Is It Smarter Than a 10-Year-Old?

Madden NFL 26 Leads This Week’s Xbox Drops—But Don’t Miss These Hidden Gems

ASUS G14 Bulked Up for 2025—Still Sexy, Just a Bit Chonkier

CVE-2025-47807 – GStreamer Subparse NULL Pointer Dereference Vulnerability

Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability

WinRAR zero-day exploited in espionage attacks against high-value targets

Work in Progress, Part 12: What’s New on Dribbble

CVE-2025-4726 – iSourcecode Placement Management System SQL Injection Vulnerability

Le notizie minori del mondo GNU/Linux e dintorni della settimana nr 25/2025

Cheap stuff for sale!

CVE-2025-38174 – “Thunderbolt: Double Dequeue Vulnerability”

Leaked KeyPlug Malware Infrastructure Contains Exploit Scripts to Hack Fortinet Firewall and VPN

Screen is a terminal renderer written in pure PHP

PHP 8.5.0 Alpha 1 available for testing

CVE-2025-47807 – GStreamer Subparse NULL Pointer Dereference Vulnerability

Related Posts