{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-7700", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2025-07-16T05:12:48.951Z", "datePublished": "2025-11-07T18:59:28.962Z", "dateUpdated": "2025-11-07T19:08:06.222Z"}, "containers": {"cna": {"title": "Ffmpeg: null pointer dereference in ffmpeg als decoder (libavcodec/alsdec.c)", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in FFmpeg\u2019s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and cause a denial of service."}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "8.0", "versionType": "semver"}], "packageName": "ffmpeg", "collectionURL": "https://github.com/FFmpeg/FFmpeg/", "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-7700", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380420", "name": "RHBZ#2380420", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2025-07-15T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-476: NULL Pointer Dereference", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. Users are strongly encouraged to apply vendor-supplied updates or patches as they become available to address this vulnerability."}], "timeline": [{"lang": "en", "time": "2025-07-16T04:55:06.900000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-07-15T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Jiasheng Jiang for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-11-07T18:59:28.962Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-07T19:07:55.825409Z", "id": "CVE-2025-7700", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-07T19:08:06.222Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-7700", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-07T19:07:55.825409Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-07T19:08:01.227Z"}}], "cna": {"title": "Ffmpeg: null pointer dereference in ffmpeg als decoder (libavcodec/alsdec.c)", "credits": [{"lang": "en", "value": "Red Hat would like to thank Jiasheng Jiang for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "8.0", "versionType": "semver"}], "packageName": "ffmpeg", "collectionURL": "https://github.com/FFmpeg/FFmpeg/", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-07-16T04:55:06.900000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-07-15T00:00:00+00:00", "value": "Made public."}], "datePublic": "2025-07-15T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-7700", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380420", "name": "RHBZ#2380420", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. Users are strongly encouraged to apply vendor-supplied updates or patches as they become available to address this vulnerability."}], "descriptions": [{"lang": "en", "value": "A flaw was found in FFmpeg\u2019s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and cause a denial of service."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-11-07T18:59:28.962Z"}, "x_redhatCweChain": "CWE-476: NULL Pointer Dereference"}}, "cveMetadata": {"cveId": "CVE-2025-7700", "state": "PUBLISHED", "dateUpdated": "2025-11-07T19:08:06.222Z", "dateReserved": "2025-07-16T05:12:48.951Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2025-11-07T18:59:28.962Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in FFmpeg\u2019s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and cause a denial of service."}], "id": "CVE-2025-7700", "lastModified": "2025-11-07T19:16:27.923", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "secalert@redhat.com", "type": "Primary"}]}, "published": "2025-11-07T19:16:27.923", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2025-7700"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380420"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Jiasheng Jiang for reporting this issue.", "bugzilla": {"description": "FFmpeg: NULL Pointer Dereference in FFmpeg ALS Decoder (libavcodec/alsdec.c)", "id": "2380420", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380420"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-476", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. Users are strongly encouraged to apply vendor-supplied updates or patches as they become available to address this vulnerability."}, "name": "CVE-2025-7700", "public_date": "2025-07-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-7700"], "statement": "The Red Hat Product Security team has assessed this vulnerability as Medium severity. It can be exploited remotely without authentication but requires user interaction (e.g., opening a crafted ALS file). While it does not allow code execution or compromise system confidentiality or integrity, it does cause an application crash, posing a moderate availability risk. The root cause is insufficient validation of memory allocation return values in the ALS decoder initialization function.", "threat_severity": "Moderate"}

{}