new file mode 100644
@@ -0,0 +1,52 @@
+From aad4b59cfee1f0a3cf02f5e2b1f291ce013bf27e Mon Sep 17 00:00:00 2001
+From: Jiasheng Jiang <jiashengjiangcool@gmail.com>
+Date: Thu, 10 Jul 2025 16:26:39 +0000
+Subject: [PATCH] libavcodec/alsdec.c: Add check for av_malloc_array() and
+ av_calloc()
+
+Add check for the return value of av_malloc_array() and av_calloc()
+to avoid potential NULL pointer dereference.
+
+Fixes: dcfd24b10c ("avcodec/alsdec: Implement floating point sample data decoding")
+Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+(cherry picked from commit 35a6de137a39f274d5e01ed0e0e6c4f04d0aaf07)
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+
+CVE: CVE-2025-7700
+
+Upstream-Status: Backport [https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/aad4b59cfee1f0a3cf02f5e2b1f291ce013bf27e]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ libavcodec/alsdec.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c
+index 9c3be4e..ba85973 100644
+--- a/libavcodec/alsdec.c
++++ b/libavcodec/alsdec.c
+@@ -2115,8 +2115,8 @@ static av_cold int decode_init(AVCodecContext *avctx)
+ ctx->nbits = av_malloc_array(ctx->cur_frame_length, sizeof(*ctx->nbits));
+ ctx->mlz = av_mallocz(sizeof(*ctx->mlz));
+
+- if (!ctx->mlz || !ctx->acf || !ctx->shift_value || !ctx->last_shift_value
+- || !ctx->last_acf_mantissa || !ctx->raw_mantissa) {
++ if (!ctx->larray || !ctx->nbits || !ctx->mlz || !ctx->acf || !ctx->shift_value
++ || !ctx->last_shift_value || !ctx->last_acf_mantissa || !ctx->raw_mantissa) {
+ av_log(avctx, AV_LOG_ERROR, "Allocating buffer memory failed.\n");
+ ret = AVERROR(ENOMEM);
+ goto fail;
+@@ -2127,6 +2127,10 @@ static av_cold int decode_init(AVCodecContext *avctx)
+
+ for (c = 0; c < avctx->channels; ++c) {
+ ctx->raw_mantissa[c] = av_calloc(ctx->cur_frame_length, sizeof(**ctx->raw_mantissa));
++ if (!ctx->raw_mantissa[c]) {
++ av_log(avctx, AV_LOG_ERROR, "Allocating buffer memory failed.\n");
++ return AVERROR(ENOMEM);
++ }
+ }
+ }
+
+--
+2.40.0
@@ -48,6 +48,7 @@ SRC_URI = "https://www.ffmpeg.org/releases/${BP}.tar.xz \
file://CVE-2025-25473.patch \
file://CVE-2025-22919.patch \
file://CVE-2025-22921.patch \
+ file://CVE-2025-7700.patch \
"
SRC_URI[sha256sum] = "04c70c377de233a4b217c2fdf76b19aeb225a287daeb2348bccd978c47b1a1db"