CVE-2025-7700 — NULL Pointer Dereference in Ffmpeg

CWE-476 — NULL Pointer Dereference12 documents7 sources

Severity

5.3MEDIUMNVD

OSV7.5

EPSS

0.1%

top 71.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Debian Ffmpeg

Timeline

PublishedNov 7

Latest updateNov 16

Description

A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and cause a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶debiandebian/ffmpeg< ffmpeg 7:5.1.7-0+deb12u1 (bookworm)

▶Debianffmpeg/ffmpeg< 7:4.3.9-0+deb11u2+3

▶Ubuntuffmpeg/ffmpeg< 7:3.4.11-0ubuntu0.1+esm11+3

🔴Vulnerability Details

OSV

CVE-2025-7700: A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures↗2025-11-07

▶

GHSA

GHSA-p7g8-g57p-r8qx: A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures↗2025-11-07

▶

OSV

ffmpeg vulnerabilities↗2025-10-21

▶

📋Vendor Advisories

Ubuntu

FFmpeg vulnerability↗2025-11-16

▶

Ubuntu

FFmpeg vulnerabilities↗2025-10-21

▶

Red Hat

FFmpeg: NULL Pointer Dereference in FFmpeg ALS Decoder (libavcodec/alsdec.c)↗2025-07-15

▶

Debian

CVE-2025-7700: ffmpeg - A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check...↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2025-12343 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2025-63757 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2025-69693 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2025-10256 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶