CVE-2025-10256 Overview
A NULL pointer dereference vulnerability exists in FFmpeg's Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on the return value of av_malloc_array() in the config_input() function. An attacker could exploit this by tricking a victim into processing a crafted media file with the Firequalizer filter enabled, causing the application to dereference a NULL pointer and crash, leading to denial of service.
Critical Impact
Processing a maliciously crafted media file with FFmpeg's Firequalizer filter can cause application crashes through NULL pointer dereference, resulting in denial of service conditions for media processing workflows.
Affected Products
- FFmpeg (versions with vulnerable libavfilter/af_firequalizer.c)
- Applications and services utilizing FFmpeg's Firequalizer audio filter
- Media processing pipelines leveraging FFmpeg's libavfilter library
Discovery Timeline
- 2026-02-18 - CVE-2025-10256 published to NVD
- 2026-02-19 - Last updated in NVD database
Technical Details for CVE-2025-10256
Vulnerability Analysis
This vulnerability is classified as CWE-476 (NULL Pointer Dereference). The flaw exists in FFmpeg's Firequalizer audio filter implementation within libavfilter/af_firequalizer.c. The vulnerability stems from improper handling of memory allocation failures in the config_input() function.
When the av_malloc_array() function is called to allocate memory for the dump_buf buffer, it may return NULL if the allocation fails due to insufficient memory or other system constraints. The original vulnerable code did not validate the return value before using the pointer, leading to a NULL pointer dereference when the buffer is subsequently accessed.
The vulnerability can be triggered remotely through network-based attack vectors, as an attacker can deliver a specially crafted media file to a victim. Processing this file with FFmpeg's Firequalizer filter enabled causes the application to crash, resulting in denial of service.
Root Cause
The root cause is the absence of a NULL pointer check after calling av_malloc_array() for the s->dump_buf allocation. Memory allocation functions in C can fail and return NULL, particularly under memory pressure conditions or when processing files that request abnormally large allocations. Without proper validation, subsequent operations on the returned pointer result in undefined behavior and application crashes.
Attack Vector
The attack vector is network-based, requiring no authentication or user interaction beyond processing a malicious media file. An attacker can craft a media file designed to trigger specific conditions in the Firequalizer filter that cause memory allocation to fail. When a victim processes this file using FFmpeg with the Firequalizer filter, the NULL pointer dereference occurs, crashing the application.
Attack scenarios include:
- Serving malicious media files through compromised or attacker-controlled websites
- Sending crafted media files via email or messaging platforms
- Uploading malicious files to media processing services that use FFmpeg
if ((ret = av_tx_init(&s->analysis_rdft, &s->analysis_rdft_fn, AV_TX_FLOAT_RDFT, 0, 1 << rdft_bits, &scale, 0)) < 0)
return ret;
s->dump_buf = av_malloc_array(s->analysis_rdft_len + 2, sizeof(*s->dump_buf));
+ if (!s->dump_buf)
+ return AVERROR(ENOMEM);
}
s->analysis_buf = av_malloc_array((s->analysis_rdft_len + 2), sizeof(*s->analysis_buf));
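Review bot: the new early return after the s->dump_buf check sits below the av_tx_init() call for s->analysis_rdft, so on this path the transform context is already initialized when config_input() returns AVERROR(ENOMEM); please confirm the filter's teardown releases s->analysis_rdft after a failed config_input(), or free it before returning. The trailing context line allocates s->analysis_buf with the same av_malloc_array() pattern and its NULL check is not visible in this hunk, so it is worth confirming that this allocation is checked too.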
Source: FFmpeg Commit a25462482 Analysis
Detection Methods for CVE-2025-10256
Indicators of Compromise
- Unexpected FFmpeg process crashes or terminations during media processing
- Segmentation fault (SIGSEGV) signals in application logs related to FFmpeg operations
- Core dump files generated from FFmpeg or applications using libavfilter
- Repeated crash patterns when processing specific media files through the Firequalizer filter
Detection Strategies
- Monitor system logs for FFmpeg process crashes and segmentation fault errors
- Implement file integrity monitoring for media files in processing queues to detect anomalous inputs
- Deploy endpoint detection solutions that can identify NULL pointer dereference crash patterns
- Audit FFmpeg invocations to identify usage of the Firequalizer filter (-af firequalizer)
Monitoring Recommendations
- Configure crash dump collection and analysis for FFmpeg processes to identify exploitation attempts
- Set up alerting for repeated FFmpeg process failures within short time windows
- Monitor memory allocation patterns in media processing workloads for anomalies
- Review access logs for media processing endpoints to identify potential malicious file uploads
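The invocation audit and repeated-failure alerting listed above can be combined in one check; the following is an added example, not code from FFmpeg or from any monitoring product. It assumes a job runner that records (timestamp, exit status, command line) for each FFmpeg run; that record format, the function names, the threshold and the sample records are constructed for illustration. It goes beyond -af and also inspects the other FFmpeg options that take a filtergraph.

```python
import re
import shlex
from collections import deque
from datetime import datetime, timedelta

# ffmpeg options whose next argument is a filtergraph that may name an audio filter
FILTER_OPTS = re.compile(r"^-(af|lavfi|filter_complex|filter(:a(:\d+)?)?)$")
# a filter name starts the graph or follows ',', ';' or a closing ']' link label
FIREQ = re.compile(r"(?:^|[,;\]])\s*firequalizer(?=$|[=@,;\[\s])")

def uses_firequalizer(cmdline):
    """True if an ffmpeg command line selects the firequalizer filter."""
    argv = shlex.split(cmdline)
    return any(FILTER_OPTS.match(opt) and FIREQ.search(graph)
               for opt, graph in zip(argv, argv[1:]))

def crash_alerts(records, threshold=3, window=timedelta(minutes=5)):
    """Return timestamps where `threshold` SIGSEGV exits of firequalizer
    jobs fall inside `window`. Records must be sorted by time."""
    recent, alerts = deque(), []
    for ts, status, cmdline in records:
        # 139 = 128 + SIGSEGV as reported by a shell, -11 as reported by subprocess
        if status not in (139, -11) or not uses_firequalizer(cmdline):
            continue
        recent.append(ts)
        while ts - recent[0] > window:
            recent.popleft()
        if len(recent) >= threshold:
            alerts.append(ts)
    return alerts

# Constructed sample records (hypothetical job-runner log), not real data
T0 = datetime(2026, 1, 1, 12, 0, 0)
FQ = "ffmpeg -i up1.mp4 -af \"firequalizer=gain_entry='entry(100,-6)'\" o.mp4"
EQ = 'ffmpeg -i up2.mp4 -af "equalizer=f=1000:t=q:w=1:g=2" o.mp4'
SAMPLE = [
    (T0, 139, FQ),
    (T0 + timedelta(minutes=1), 139, EQ),   # crash, but a different filter
    (T0 + timedelta(minutes=2), -11, FQ),
    (T0 + timedelta(minutes=3), 0, FQ),     # clean exit, ignored
    (T0 + timedelta(minutes=4), 139, FQ),   # third crash within 5 minutes
    (T0 + timedelta(minutes=20), 139, FQ),  # earlier crashes have aged out
]

if __name__ == "__main__":
    for ts in crash_alerts(SAMPLE):
        print("repeated firequalizer crashes at", ts.isoformat())
```

The same uses_firequalizer() check can gate job submission while the filter is disabled as a workaround.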
How to Mitigate CVE-2025-10256
Immediate Actions Required
- Update FFmpeg to a patched version that includes the fix from commits a25462482c02c004d685a8fcf2fa63955aaa0931 and d3be186ed1bcdcf2c093d6b13a0e66dc5132be2a
- If immediate patching is not possible, disable or avoid using the Firequalizer audio filter in production workflows
- Implement input validation to screen media files before processing with FFmpeg
- Consider running FFmpeg processes in sandboxed environments to limit the impact of crashes
Patch Information
The vulnerability has been addressed through patches committed to the FFmpeg repository. The fix adds proper NULL pointer validation after the av_malloc_array() call in the Firequalizer filter's config_input() function. When memory allocation fails, the function now returns AVERROR(ENOMEM) instead of proceeding with a NULL pointer.
For detailed patch information, refer to:
Workarounds
- Disable the Firequalizer filter (-af firequalizer) in FFmpeg commands until patching is complete
- Use alternative audio equalization filters that are not affected by this vulnerability
- Implement process isolation using containers or sandboxing technologies to limit crash impact
- Deploy rate limiting on media processing endpoints to slow potential exploitation attempts
# Configuration example
# Avoid using the vulnerable firequalizer filter
# Instead of:
# ffmpeg -i input.mp4 -af "firequalizer=gain_entry='...'" output.mp4
# Use alternative filters or process without firequalizer:
ffmpeg -i input.mp4 -af "equalizer=f=1000:t=q:w=1:g=2" output.mp4
# If firequalizer is required, ensure FFmpeg is updated to include the fix
# Check the installed FFmpeg version and build configuration:
ffmpeg -version
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


