CVE-2025-10256
NULL Pointer Dereference in FFmpeg Firequalizer Filter Causes DoS
Publication date: 2026-02-18
Last updated on: 2026-02-26
Assigner: Fedora Project
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ffmpeg | ffmpeg | From 3.2 (inc) to 8.0 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a NULL pointer dereference in FFmpeg's Firequalizer audio filter. It occurs because the code does not check if memory allocation via av_malloc_array() succeeds in the config_input() function. If the allocation fails and returns NULL, the program attempts to use this NULL pointer, causing a crash.
An attacker can exploit this by tricking a user into processing a specially crafted media file with the Firequalizer filter enabled, which triggers the NULL pointer dereference and causes the application to crash.
How can this vulnerability impact me?
The primary impact of this vulnerability is a denial of service (DoS). When exploited, the application using FFmpeg with the Firequalizer filter enabled can crash unexpectedly due to the NULL pointer dereference.
This can disrupt services or applications that rely on FFmpeg for media processing, potentially causing downtime or interruption of media-related functionality.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for crashes or denial of service events in applications using the FFmpeg Firequalizer filter when processing media files. Additionally, the presence of the vulnerable FFmpeg version with the affected Firequalizer filter can be checked.
To detect if your FFmpeg build is vulnerable, you can check the version or inspect if the patch that adds the NULL pointer check (commit a25462482c02c004d685a8fcf2fa63955aaa0931) is applied.
Suggested commands include:
- Check FFmpeg version: `ffmpeg -version`
- Check if the Firequalizer filter is present: `ffmpeg -filters | grep firequalizer`
- Test processing a crafted media file with the Firequalizer filter enabled and monitor for crashes or errors.
- If you have source code access, verify whether the patch that adds the NULL check on the return value of av_malloc_array() in af_firequalizer.c is applied.
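The version and filter checks listed above can be combined into one classification. This is an added example, not part of the advisory or of FFmpeg; the function names and output labels are assumptions, and the range is the one given in the Affected Vendors & Products table. An in-range result still needs the source-level patch check, because a distribution may have backported the fix without changing the release number.

```shell
#!/bin/sh
# Added example, not from the advisory. Classifies an FFmpeg build against the
# affected range listed above: 3.2 (inclusive) up to 8.0 (exclusive).

# Print "MAJOR MINOR" parsed from the first line of `ffmpeg -version` output.
# Prints nothing for git snapshot builds (e.g. "N-118193-g..."), which carry
# no release number and need the source-level check instead.
ffmpeg_release() {
    printf '%s\n' "$1" | sed -n \
        '1s/^ffmpeg version n\{0,1\}\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p'
}

# classify VERSION_OUTPUT FILTERS_OUTPUT -> one label on stdout.
classify() {
    rel=$(ffmpeg_release "$1")
    if [ -z "$rel" ]; then echo unknown; return 0; fi
    major=${rel% *}; minor=${rel#* }
    # Outside [3.2, 8.0): not in the range the advisory lists.
    if [ "$major" -ge 8 ] || [ "$major" -lt 3 ] ||
       { [ "$major" -eq 3 ] && [ "$minor" -lt 2 ]; }; then
        echo outside-range; return 0
    fi
    # In range: exposure also requires the firequalizer filter to be built in.
    if printf '%s\n' "$2" | grep -q ' firequalizer '; then
        echo in-range-filter-present
    else
        echo in-range-filter-absent
    fi
}

# Run against the local binary when one is installed.
if command -v ffmpeg >/dev/null 2>&1; then
    classify "$(ffmpeg -version 2>/dev/null)" \
             "$(ffmpeg -hide_banner -filters 2>/dev/null)"
fi
```

A result of `unknown` or `in-range-filter-present` is the cue to inspect the build's source or package changelog for the fix commit named above.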
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update FFmpeg to a version that includes the patch fixing the NULL pointer dereference in the Firequalizer filter.
This patch adds a check on the return value of av_malloc_array() to prevent dereferencing a NULL pointer, which avoids crashes and denial of service.
If updating is not immediately possible, avoid processing untrusted or crafted media files with the Firequalizer filter enabled.
Additionally, consider disabling or removing the Firequalizer filter from your FFmpeg usage until the fix is applied.