Ffmpeg: null pointer dereference in ffmpeg als decoder (libavcodec/alsdec.c)

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Description

A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and cause a denial of service.

Basic Information

ID CVE-2025-7700

Source redhat

Published Nov 7, 2025 at 18:59

Modified Nov 7, 2025 at 19:08

Affected Product

Affected Versions 0

CWE Classification

CWE-476

References

{
    "lastseen": "",
    "description": "A flaw was found in FFmpeg\u2019s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and cause a denial of service.",
    "published": "2025-11-07T18:59:28.962Z",
    "modified": "2025-11-07T19:08:06.222Z",
    "type": "cve",
    "title": "Ffmpeg: null pointer dereference in ffmpeg als decoder (libavcodec/alsdec.c)",
    "source": "redhat",
    "references": "https://access.redhat.com/security/cve/CVE-2025-7700\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2380420",
    "id": "CVE-2025-7700",
    "bulletinFamily": "",
    "cwe": [
        "CWE-476"
    ],
    "cvelist": null,
    "sourceData": "  0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "",
    "version": "0",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Ffmpeg: null pointer dereference in ffmpeg als decoder (libavcodec/alsdec.c)_CVE-2025-7700