7515 matches found
AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs
Two things landed within days of each other this week. A security startup reported 21 previously unknown vulnerabilities in FFmpeg, the media library inside almost everything that touches video, all of them found by an autonomous AI agent. The same week, Google shipped Chrome 149 with patches for...
ffmpeg-4-4.4.7-3.1 on GA media (moderate)
ffmpeg-4-4.4.7-3.1 on GA media Announcement ID: openSUSE-SU-2026:10931-1 Rating: moderate Cross-References: CVE-2026-30997 CVSS scores: CVE-2026-30997 SUSE : 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H CVE-2026-30997 SUSE : 7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N...
CVE-2026-35033
Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain an unauthenticated arbitrary file read vulnerability via ffmpeg argument injection through the StreamOptions query parameter parsing mechanism. The ParseStreamOptions method in StreamingHelpers.cs adds any...
OPENSUSE-SU-2026:20914-1 Security update for ffmpeg-4
This update for ffmpeg-4 fixes the following issues: Changes in ffmpeg-4: - CVE-2026-30997: avcodec/av1dec: check that primaryrefframe is within range bsc1262047...
PT-2026-45963
These are all security issues fixed in the ffmpeg-4-4.4.7-3.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10931-1 ffmpeg-4-4.4.7-3.1 on GA media
These are all security issues fixed in the ffmpeg-4-4.4.7-3.1 package on the GA media of openSUSE Tumbleweed...
Security update for ffmpeg-4 (important)
openSUSE security update: security update for ffmpeg-4 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20855-1 Rating: important References: bsc1234030 bsc1237561 bsc1249393 bsc1249431 Cross-References: CVE-2024-35366 CVE-2024-35368 CVE-2024-36618...
Ubuntu 24.04 LTS : FFmpeg vulnerability (USN-8329-1)
The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8329-1 advisory. It was discovered that the FFmpeg CAF decoder incorrectly handled certain file size calculations. An attacker could possibly use this issue to cause FFmpeg to...
OPENSUSE-SU-2026:20855-1 Security update for ffmpeg-4
This update for ffmpeg-4 fixes the following issues: Changes in ffmpeg-4: - Add check for the return value of avmallocarray to avoid potential NULL pointer dereference. CVE-2025-10256, bsc1249431 - Update to version 4.4.7: Codecs, filters and other various bugfixes aacenctns: clamp filter directi...
Advisory ROSA-SA-2026-3312
Software: ffmpeg 4.4.6 OS: ROSA-CHROME Unaffected versions: = ffmpeg-4.4.6-4 Affected versions: ffmpeg-4.4.6-4 CVE-ID: CVE-2026-40962 BDU-ID: None CVE-Crit: Medium CVE-DESCRIPTION: The vulnerability related to integer overflow in FFmpeg allows an attacker to execute write operations beyond the...
ffmpeg-8-8.1.1-3.1 on GA media (moderate)
ffmpeg-8-8.1.1-3.1 on GA media Announcement ID: openSUSE-SU-2026:10890-1 Rating: moderate Cross-References: CVE-2025-10256 CVE-2025-1594 CVE-2025-9951 CVE-2026-30997 CVSS scores: CVE-2025-10256 SUSE : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2025-10256 SUSE : 6.8...
NeuroLog: Reasoning You Can Audit -- Neuro-Symbolic Vulnerability Discovery Via LLM Facts, Datalog, and SMT
Vulnerability discovery on C/C++ source asks the analyst to choose between heavyweight static analysers, which need a working build before a single query runs, and free-form LLMs, which read source readily but invent details and lose track of cross-function dataflow on real codebases. We present...
OPENSUSE-SU-2026:10890-1 ffmpeg-8-8.1.1-3.1 on GA media
These are all security issues fixed in the ffmpeg-8-8.1.1-3.1 package on the GA media of openSUSE Tumbleweed...
USN-8329-1: FFmpeg vulnerability
It was discovered that the FFmpeg CAF decoder incorrectly handled certain file size calculations. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service...
ffmpeg-4-4.4.7-2.1 on GA media (moderate)
ffmpeg-4-4.4.7-2.1 on GA media Announcement ID: openSUSE-SU-2026:10866-1 Rating: moderate Cross-References: CVE-2024-35366 CVE-2025-10256 CVE-2025-1594 CVE-2025-9951 CVSS scores: CVE-2024-35366 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2024-35366 SUSE : 6.9...
ffmpeg-7-7.1.4-2.1 on GA media (moderate)
ffmpeg-7-7.1.4-2.1 on GA media Announcement ID: openSUSE-SU-2026:10867-1 Rating: moderate Cross-References: CVE-2024-35366 CVE-2025-10256 CVE-2025-1594 CVE-2025-9951 CVSS scores: CVE-2024-35366 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2024-35366 SUSE : 6.9...
OPENSUSE-SU-2026:10867-1 ffmpeg-7-7.1.4-2.1 on GA media
These are all security issues fixed in the ffmpeg-7-7.1.4-2.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10866-1 ffmpeg-4-4.4.7-2.1 on GA media
These are all security issues fixed in the ffmpeg-4-4.4.7-2.1 package on the GA media of openSUSE Tumbleweed...
MGASA-2026-0153 Updated ffmpeg packages fix security vulnerabilities
An out-of-bounds read in the readglobalparam function libavcodec/av1dec.c of FFmpeg v8.0.1 allows attackers to cause a Denial of Service DoS via a crafted input. CVE-2026-30997 FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC Common Encryption subsample data to...
Updated ffmpeg packages fix security vulnerabilities
An out-of-bounds read in the readglobalparam function libavcodec/av1dec.c of FFmpeg v8.0.1 allows attackers to cause a Denial of Service DoS via a crafted input. CVE-2026-30997 FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC Common Encryption subsample data to...