CVE-2026-58049
- EPSS 0.22%
- Veröffentlicht 28.06.2026 02:16:30
- Zuletzt bearbeitet 06.07.2026 13:17:07
FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at the row cursor before the NEXT_LINE row-boundary check and validates the DLTA region in pixel rather than byte units, so a DLTA run on a PAL8 frame can...
CVE-2026-8461
- EPSS 0.48%
- Veröffentlicht 18.06.2026 11:29:00
- Zuletzt bearbeitet 30.06.2026 03:21:43
An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libav...
CVE-2026-40962
- EPSS 0.13%
- Veröffentlicht 16.04.2026 01:33:37
- Zuletzt bearbeitet 20.04.2026 19:54:35
FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c.
CVE-2026-30997
- EPSS 0.34%
- Veröffentlicht 13.04.2026 00:00:00
- Zuletzt bearbeitet 23.04.2026 20:12:35
An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2026-30998
- EPSS 0.4%
- Veröffentlicht 13.04.2026 00:00:00
- Zuletzt bearbeitet 23.04.2026 20:11:49
An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input file.
CVE-2026-30999
- EPSS 0.45%
- Veröffentlicht 13.04.2026 00:00:00
- Zuletzt bearbeitet 23.04.2026 20:10:36
A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-69693
- EPSS 0.27%
- Veröffentlicht 16.03.2026 00:00:00
- Zuletzt bearbeitet 19.03.2026 14:19:12
Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder (libavcodec/rv60dec.c). The quantization parameter (qp) validation at line 2267 only checks the lower bound (qp < 0) but is missing upper bound validation. The qp value can reach 65 (base ...
CVE-2025-12343
- EPSS 0.15%
- Veröffentlicht 18.02.2026 20:28:08
- Zuletzt bearbeitet 26.02.2026 22:32:44
A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backend_tf.c source file. The issue occurs in the dnn_execute_model_tf() function, where a task object is freed multiple times in certain error-handling paths. This redundant ...
CVE-2025-10256
- EPSS 0.3%
- Veröffentlicht 18.02.2026 20:26:46
- Zuletzt bearbeitet 26.02.2026 22:33:18
A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on the return value of av_malloc_array() in the config_input() function. An attacker could exploit this by tricking...
CVE-2025-63757
- EPSS 0.32%
- Veröffentlicht 18.12.2025 00:00:00
- Zuletzt bearbeitet 30.12.2025 20:04:35
Integer overflow vulnerability in the yuv2ya16_X_c_template function in libswscale/output.c in FFmpeg 8.0.