| Name | CVE-2025-7700 |
| Description | A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and cause a denial of service. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DSA-5985-1, DSA-6007-1 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| ffmpeg (PTS) | bullseye | 7:4.3.7-0+deb11u1 | vulnerable |
| bullseye (security) | 7:4.3.9-0+deb11u1 | vulnerable | |
| bookworm, bookworm (security) | 7:5.1.7-0+deb12u1 | fixed | |
| trixie (security), trixie | 7:7.1.2-0+deb13u1 | fixed | |
| forky, sid | 7:7.1.2-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| ffmpeg | source | bookworm | 7:5.1.7-0+deb12u1 | DSA-5985-1 | ||
| ffmpeg | source | trixie | 7:7.1.2-0+deb13u1 | DSA-6007-1 | ||
| ffmpeg | source | (unstable) | 7:7.1.2-1 |
[bullseye] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 4.3 branch)
Introduced with: https://git.ffmpeg.org/gitweb/ffmpeg.git/object/dcfd24b10c7eaec4b7b1ec2c4abb46808721a71d
Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/35a6de137a39f274d5e01ed0e0e6c4f04d0aaf07 (n8.0)
Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/e0c5acb3e343d1c91c0914a786ff59176d4066a2 (n7.1.2)
Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/aad4b59cfee1f0a3cf02f5e2b1f291ce013bf27e (n5.1.7)