Audio Processing Flaw in FFmpeg ALS Decoder Affects Red Hat
CVE-2025-7700

5.3MEDIUM

Key Information:

Status
Vendor: CVE Published:; 7 November 2025

What is CVE-2025-7700?

A flaw in FFmpeg's ALS audio decoder allows the application to crash due to insufficient checks for memory allocation failures when handling certain malformed audio files. This vulnerability does not facilitate data theft or system control; however, it can disrupt service availability, resulting in a denial of service that significantly impacts users relying on audio processing capabilities.

References

https://access.redhat.com/security/cve/CVE-2025-7700

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2380420

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 7, 2025
Vulnerability Reserved
Jul 16, 2025

Credit

Red Hat would like to thank Jiasheng Jiang for reporting this issue.

JSON