{}

{}

{}

{"acknowledgement": "Red Hat would like to thank Jiasheng Jiang for reporting this issue.", "bugzilla": {"description": "FFmpeg: NULL Pointer Dereference in FFmpeg ALS Decoder (libavcodec/alsdec.c)", "id": "2380420", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380420"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-476", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. Users are strongly encouraged to apply vendor-supplied updates or patches as they become available to address this vulnerability."}, "name": "CVE-2025-7700", "public_date": "2025-07-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-7700"], "statement": "The Red Hat Product Security team has assessed this vulnerability as Medium severity. It can be exploited remotely without authentication but requires user interaction (e.g., opening a crafted ALS file). While it does not allow code execution or compromise system confidentiality or integrity, it does cause an application crash, posing a moderate availability risk. The root cause is insufficient validation of memory allocation return values in the ALS decoder initialization function.", "threat_severity": "Moderate"}