CVE-2025-7700 MEDIUM

CVE-2025-7700: Ffmpeg: null pointer dereference in ffmpeg als decoder (libavcodec/alsdec.c)

Weakness CWE-476
Published November 7, 2025
Last update May 6, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and cause a denial of service.

Key dates

02Disclosure timeline

November 7, 2025 CVE published
May 6, 2026 Record updated