Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.5
FFmpeg Firequalizer Filter Crashes with Malicious Media Files
CVE-2025-10256
Summary
The Firequalizer filter in FFmpeg can crash if it processes a specially crafted media file, potentially causing the application to stop working. This could allow an attacker to disrupt operations by forcing the application to shut down. To protect against this, ensure you're running the latest version of FFmpeg.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| ffmpeg | ffmpeg | > 3.2 , <= 8.0 | – |
Original title
A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on the return value of av_malloc_array() in the config_input()...
Original description
A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on the return value of av_malloc_array() in the config_input() function. An attacker could exploit this by tricking a victim into processing a crafted media file with the Firequalizer filter enabled, causing the application to dereference a NULL pointer and crash, leading to denial of service.
nvd CVSS3.1
5.5
Vulnerability type
CWE-476
NULL Pointer Dereference
- https://access.redhat.com/security/cve/CVE-2025-10256 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2394495 Third Party Advisory
- https://github.com/FFmpeg/FFmpeg/commit/a25462482c02c004d685a8fcf2fa63955aaa0931 Patch
- https://github.com/FFmpeg/FFmpeg/commit/d3be186ed1bcdcf2c093d6b13a0e66dc5132be2a Patch
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026