{"api_version":"1","generated_at":"2026-05-13T03:32:07+00:00","cve":"CVE-2025-7700","urls":{"html":"https://cve.report/CVE-2025-7700","api":"https://cve.report/api/cve/CVE-2025-7700.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-7700","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-7700"},"summary":{"title":"Ffmpeg: null pointer dereference in ffmpeg als decoder (libavcodec/alsdec.c)","description":"A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and cause a denial of service.","state":"PUBLISHED","assigner":"redhat","published_at":"2025-11-07 19:16:27","updated_at":"2026-05-06 16:16:04"},"problem_types":["CWE-476","CWE-476 NULL Pointer Dereference"],"metrics":[{"version":"3.1","source":"secalert@redhat.com","type":"Secondary","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","version":"3.1"}}],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2380420","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2380420","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/FFmpeg/FFmpeg/commit/35a6de137a39f274d5e01ed0e0e6c4f04d0aaf07","name":"https://github.com/FFmpeg/FFmpeg/commit/35a6de137a39f274d5e01ed0e0e6c4f04d0aaf07","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2025-7700","name":"https://access.redhat.com/security/cve/CVE-2025-7700","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-7700","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7700","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[{"source":"CNA","time":"2025-07-16T04:55:06.900Z","lang":"en","value":"Reported to Red Hat."},{"source":"CNA","time":"2025-07-15T00:00:00.000Z","lang":"en","value":"Made public."}],"solutions":[],"workarounds":[{"source":"CNA","title":"","value":"Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. Users are strongly encouraged to apply vendor-supplied updates or patches as they become available to address this vulnerability.","time":"","lang":"en"}],"exploits":[],"credits":[{"source":"CNA","value":"Red Hat would like to thank Jiasheng Jiang for reporting this issue.","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-7700","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2025-11-07T19:07:55.825409Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-11-07T19:08:06.222Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"collectionURL":"https://github.com/FFmpeg/FFmpeg/","defaultStatus":"unaffected","packageName":"ffmpeg","versions":[{"lessThan":"8.0","status":"affected","version":"0","versionType":"semver"}]}],"credits":[{"lang":"en","value":"Red Hat would like to thank Jiasheng Jiang for reporting this issue."}],"datePublic":"2025-07-15T00:00:00.000Z","descriptions":[{"lang":"en","value":"A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and cause a denial of service."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Moderate"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-476","description":"NULL Pointer Dereference","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-06T14:38:29.969Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2025-7700"},{"name":"RHBZ#2380420","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2380420"},{"url":"https://github.com/FFmpeg/FFmpeg/commit/35a6de137a39f274d5e01ed0e0e6c4f04d0aaf07"}],"timeline":[{"lang":"en","time":"2025-07-16T04:55:06.900Z","value":"Reported to Red Hat."},{"lang":"en","time":"2025-07-15T00:00:00.000Z","value":"Made public."}],"title":"Ffmpeg: null pointer dereference in ffmpeg als decoder (libavcodec/alsdec.c)","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. Users are strongly encouraged to apply vendor-supplied updates or patches as they become available to address this vulnerability."}],"x_generator":{"engine":"cvelib 1.8.0"},"x_redhatCweChain":"CWE-476: NULL Pointer Dereference"}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2025-7700","datePublished":"2025-11-07T18:59:28.962Z","dateReserved":"2025-07-16T05:12:48.951Z","dateUpdated":"2026-05-06T14:38:29.969Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-11-07 19:16:27","lastModifiedDate":"2026-05-06 16:16:04","problem_types":["CWE-476","CWE-476 NULL Pointer Dereference"],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"7700","Ordinal":"1","Title":"Ffmpeg: null pointer dereference in ffmpeg als decoder (libavcod","CVE":"CVE-2025-7700","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"7700","Ordinal":"1","NoteData":"A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and cause a denial of service.","Type":"Description","Title":"Ffmpeg: null pointer dereference in ffmpeg als decoder (libavcod"}]}}}