CVE-2025-7700
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and cause a denial of service.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
0 < 8.0 | affected |
Weaknesses
- CWE-476: NULL Pointer Dereference
Workarounds
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. Users are strongly encouraged to apply vendor-supplied updates or patches as they become available to address this vulnerability.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://access.redhat.com/security/cve/CVE-2025-7700
- https://bugzilla.redhat.com/show_bug.cgi?id=2380420
- https://github.com/FFmpeg/FFmpeg/commit/35a6de137a39f274d5e01ed0e0e6c4f04d0aaf07
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.