FFmpeg ALS Audio Decoder NULL Pointer Dereference Vulnerability

Vulnerability

A NULL pointer dereference vulnerability has been identified in the ALS audio decoder of FFmpeg. The issue arises because the decoder does not properly validate memory allocation results before use. This flaw can lead to application crashes when certain malformed audio files are processed. While the vulnerability does not allow for data theft or system control, it can disrupt services and cause a denial-of-service condition.
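The bug class described above, as an added example that is not FFmpeg's code: a toy decoder init in C that sizes its buffers from stream header fields, checks every allocation result, and exposes a failing-allocator hook so the error path can be exercised in tests. `ToyDecoder`, `toy_alloc`, `toy_free`, `toy_init`, `fail_at` and the bounds on channel count and frame length are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical toy decoder state; not FFmpeg's ALS structures. */
typedef struct {
    int channels;
    int32_t **samples;            /* one sample buffer per channel */
} ToyDecoder;

/* Test hook: the Nth allocation from now returns NULL (0 = never fail). */
static int fail_at = 0;
static void *toy_alloc(size_t n, size_t size) {
    if (fail_at > 0 && --fail_at == 0)
        return NULL;
    return calloc(n, size);       /* zeroed, so unset slots stay NULL */
}

static void toy_free(ToyDecoder *d) {
    if (d->samples)
        for (int c = 0; c < d->channels; c++)
            free(d->samples[c]);  /* free(NULL) is a no-op */
    free(d->samples);
    d->samples = NULL;
}

/* Vulnerable shape, shown for contrast and never compiled here:
 *     d->samples    = toy_alloc(channels, sizeof(*d->samples));
 *     d->samples[0] = toy_alloc(frame_len, 4);   NULL deref if line 1 failed */

/* Hardened init: header fields are bounded (assumed limits) and every
 * allocation is checked before the pointer is used. */
int toy_init(ToyDecoder *d, int channels, int frame_len) {
    d->channels = 0;
    d->samples = NULL;
    if (channels <= 0 || channels > 64 || frame_len <= 0 || frame_len > 65536)
        return -EINVAL;
    d->samples = toy_alloc((size_t)channels, sizeof(*d->samples));
    if (!d->samples)
        return -ENOMEM;
    d->channels = channels;
    for (int c = 0; c < channels; c++) {
        d->samples[c] = toy_alloc((size_t)frame_len, sizeof(int32_t));
        if (!d->samples[c]) {
            toy_free(d);          /* release the partial state */
            return -ENOMEM;
        }
    }
    return 0;
}
```

Stepping `fail_at` through 1, 2, 3, ... while running a decoder's test inputs is one way to find allocation sites whose result is used unchecked.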

Impact

Exploitation of this vulnerability leads to an application crash, causing a denial-of-service condition for any application that uses FFmpeg for ALS decoding.

Added: Nov 7, 2025, 7:26 PM
Updated: Nov 7, 2025, 7:26 PM

Vulnerability Rating

Custom Algorithm
spread: 8.4
impact: 2.5
exploitability: 4.4
remediation: 0.0
relevance: 0.9
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.