{"id":"JLSEC-2026-641","details":"A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on the return value of av_malloc_array() in the config_input() function. An attacker could exploit this by tricking a victim into processing a crafted media file with the Firequalizer filter enabled, causing the application to dereference a NULL pointer and crash, leading to denial of service.","modified":"2026-06-26T20:30:03.742931568Z","published":"2026-06-26T20:24:16.337Z","upstream":["CVE-2025-10256"],"database_specific":{"license":"CC-BY-4.0","sources":[{"url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-10256","modified":"2026-06-17T08:28:00.503Z","id":"CVE-2025-10256","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10256","imported":"2026-06-26T19:19:07.642Z","published":"2026-02-18T21:16:20.183Z","database_specific":{"status":"Analyzed"}}]},"references":[{"type":"WEB","url":"https://access.redhat.com/security/cve/CVE-2025-10256"},{"type":"WEB","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2394495"},{"type":"WEB","url":"https://github.com/FFmpeg/FFmpeg/commit/a25462482c02c004d685a8fcf2fa63955aaa0931"},{"type":"WEB","url":"https://github.com/FFmpeg/FFmpeg/commit/d3be186ed1bcdcf2c093d6b13a0e66dc5132be2a"}],"affected":[{"package":{"name":"FFMPEG_jll","ecosystem":"Julia","purl":"pkg:julia/FFMPEG_jll?uuid=b22a6f82-2f65-5046-a5b2-351ab43fb4e5"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"8.0.0+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-641.json"}},{"package":{"name":"FFplay_jll","ecosystem":"Julia","purl":"pkg:julia/FFplay_jll?uuid=c4dce911-e170-5107-8314-c7bdc6785395"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"8.1.2+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-641.json"}}],"schema_version":"1.7.5"}