Bug 2380420 (CVE-2025-7700)

Summary: CVE-2025-7700 FFmpeg: NULL Pointer Dereference in FFmpeg ALS Decoder (libavcodec/alsdec.c)
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW ---
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: gtanzill, jbuscemi
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: ---
Doc Text:
A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and cause a denial of service.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 2381578, 2381579, 2381580, 2381581, 2381582, 2381583, 2381584, 2381585, 2381586
Bug Blocks:

Description OSIDB Bzimport 2025-07-16 05:13:53 UTC
A NULL pointer dereference vulnerability exists in the ALS audio decoder of the FFmpeg multimedia framework. The flaw lies in the decode_init() function, where the results of memory allocations (e.g., larray, nbits, raw_mantissa[c]) are not validated before use. If a crafted ALS file causes allocation functions such as av_malloc_array() or av_calloc() to fail, the code may dereference NULL pointers, leading to application crashes. The issue can be triggered remotely without any authentication, resulting in a denial of service for any application that uses FFmpeg for ALS decoding.
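The following C program is an added illustration of the defect class the description refers to, not code from FFmpeg's alsdec.c or from the fix. It places the unchecked allocation pattern next to a hardened decode_init()-style routine that checks every allocation, unwinds partial allocations on failure and returns an ENOMEM error instead of dereferencing NULL. The field names larray, nbits and raw_mantissa are taken from the report; the ALSDecContext layout, the buffer sizes, the als_calloc() shim and the fault-injection counter used to simulate an allocator returning NULL are all constructed for this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration of the defect class described in the report; this is
 * not FFmpeg's alsdec.c. Field names (larray, nbits, raw_mantissa) echo the
 * identifiers in the description; the struct layout, sizes and the allocator
 * shim below are assumptions made for the example. */

#define NUM_CHANNELS 2
#define ALS_ERROR_ENOMEM (-ENOMEM)   /* stands in for FFmpeg's AVERROR(ENOMEM) */

typedef struct {
    int32_t *larray;
    int     *nbits;
    int32_t *raw_mantissa[NUM_CHANNELS];
} ALSDecContext;

/* Fault-injection knobs (constructed): allocation number fail_at returns NULL,
 * which is what av_malloc_array()/av_calloc() do when the requested size is
 * unreasonable or memory is exhausted. fail_at == -1 disables injection. */
static int fail_at = -1;
static int alloc_count = 0;

static void *als_calloc(size_t nmemb, size_t size) {
    int idx = alloc_count++;
    if (idx == fail_at)
        return NULL;
    return calloc(nmemb, size);
}

/* The pattern the report describes: allocation results are used straight away.
 * If any allocation fails, the writes below dereference NULL and the decoder
 * crashes (denial of service). Kept for contrast; only called with injection off. */
static void decode_init_unchecked(ALSDecContext *ctx, size_t n) {
    ctx->larray = als_calloc(n, sizeof(*ctx->larray));
    ctx->nbits  = als_calloc(n, sizeof(*ctx->nbits));
    ctx->larray[0] = 0;                   /* NULL write if the allocation failed */
    ctx->nbits[0]  = 0;
    for (int c = 0; c < NUM_CHANNELS; c++) {
        ctx->raw_mantissa[c] = als_calloc(n, sizeof(*ctx->raw_mantissa[c]));
        ctx->raw_mantissa[c][0] = 0;      /* same defect, per channel */
    }
}

/* Release everything the context owns; free(NULL) is a no-op, so this is safe
 * on a partially initialised context. */
static void decode_free(ALSDecContext *ctx) {
    free(ctx->larray);
    free(ctx->nbits);
    for (int c = 0; c < NUM_CHANNELS; c++)
        free(ctx->raw_mantissa[c]);
    memset(ctx, 0, sizeof(*ctx));
}

/* Hardened form: each allocation is checked before use, the routine stops at
 * the first failure, and the error path frees what was already allocated. */
static int decode_init_checked(ALSDecContext *ctx, size_t n) {
    memset(ctx, 0, sizeof(*ctx));         /* all pointers NULL for decode_free() */
    ctx->larray = als_calloc(n, sizeof(*ctx->larray));
    if (!ctx->larray)
        goto fail;
    ctx->nbits = als_calloc(n, sizeof(*ctx->nbits));
    if (!ctx->nbits)
        goto fail;
    for (int c = 0; c < NUM_CHANNELS; c++) {
        ctx->raw_mantissa[c] = als_calloc(n, sizeof(*ctx->raw_mantissa[c]));
        if (!ctx->raw_mantissa[c])
            goto fail;
    }
    ctx->larray[0] = 0;                   /* now safe to use */
    ctx->nbits[0]  = 0;
    return 0;
fail:
    decode_free(ctx);
    return ALS_ERROR_ENOMEM;
}

/* Driver: run the hardened init with allocation number k forced to fail
 * (k == -1: no failure). Returns 0 or -ENOMEM and leaves no allocations behind. */
int init_with_alloc_failure(int k) {
    ALSDecContext ctx;
    fail_at = k;
    alloc_count = 0;
    int ret = decode_init_checked(&ctx, 16);
    if (ret == 0)
        decode_free(&ctx);
    fail_at = -1;
    return ret;
}

/* How many allocations the hardened init attempted for a given failing index;
 * shows that it bails out at the first NULL rather than continuing. */
int allocations_attempted(int k) {
    init_with_alloc_failure(k);
    return alloc_count;
}

int main(void) {
    ALSDecContext ctx;
    decode_init_unchecked(&ctx, 16);      /* safe only because no failure is injected */
    decode_free(&ctx);
    printf("no failure injected: %d\n", init_with_alloc_failure(-1));
    printf("allocation #0 fails: %d (ENOMEM is %d)\n",
           init_with_alloc_failure(0), ALS_ERROR_ENOMEM);
    return 0;
}
```

The checked variant is the shape reviewers look for in decoder init paths: a zeroed context, one NULL test per allocation, and a single cleanup label so that a failure in the third buffer cannot leak the first two. Under a fuzzer or an allocator with fault injection, the unchecked form shows up as a SIGSEGV in init, the checked form as a clean AVERROR(ENOMEM) returned to the caller.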