CVE-2025-7700

Description

A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and cause a denial of service.

How to fix CVE-2025-7700

To remediate CVE-2025-7700, upgrade the affected package to a fixed version below.

Debian/ffmpeg—upgrade to 7:4.3.9-0+deb11u2 or later

Is CVE-2025-7700 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 7:4.3.9-0+deb11u2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2025-7700