1041 matches found
CVE-2026-13858
Out of bounds read in FFmpeg in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. Chromium security severity: Medium...
CVE-2026-13858
Out of bounds read in FFmpeg in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. Chromium security severity: Medium...
CVE-2026-13858
CVE-2026-13858 involves an out-of-bounds read in FFmpeg when used by Google Chrome prior to version 150.0.7871.47. The vulnerability could allow a remote attacker to read process memory via a crafted video file, with the impact described as high confidentiality risk and no changes to integrity/av...
PT-2026-54135
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An out of bounds read occurs in FFmpeg, which is a multimedia framework used to handle audio, video, and other multimedia files. This issue allows a remote attacker to obtain potentiall...
SUSE SLES15 Security Update : ffmpeg-4 (SUSE-SU-2026:2444-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2444-1 advisory. This update for ffmpeg-4 fixes the following issues Update to version 4.4.7: - CVE-2023-6601: HLS Unsafe File Extension Bypass...
Astra Linux – Vulnerability in ffmpeg
Before ffmpeg version 4.3, the tty demuxer did not have a ‘readprobe’ function assigned to it. By creating a legitimate “ffconcat” file that references an image, followed by a file that triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim as long ...
Astra Linux – Vulnerability in ffmpeg
FFmpeg version git commit de8e6e67e7523e48bb27ac224a0b446df05e1640 suffers from an assertion failure in src/libavutil/mathematics.c...
Astra Linux – Vulnerability in ffmpeg
An integer overflow vulnerability exists in the function filter16roberts in libavfilter/vfconvolution.c in Ffmpeg 4.2.1. This vulnerability allows attackers to cause a Denial of Service or other unspecified impacts...
CVE-2026-12706
CVE-2026-12706 , in FFmpeg’s RASC video decoder, is a heap use-after-free in the decode_move() path. The decoder initializes a read pointer into a decompressed buffer, but the buffer is reallocated during move-table processing, leaving the pointer dangling. An attacker could craft an AVI file wit...
Advisory ROSA-SA-2026-3312
Software: ffmpeg 4.4.6 OS: ROSA-CHROME Unaffected versions: = ffmpeg-4.4.6-4 Affected versions: ffmpeg-4.4.6-4 CVE-ID: CVE-2026-40962 BDU-ID: None CVE-Crit: Medium CVE-DESCRIPTION: The vulnerability related to integer overflow in FFmpeg allows an attacker to execute write operations beyond the...
Astra Linux – Vulnerability in ffmpeg
In FFmpeg versions prior to 5.1.2, the libavcodec/pthreadframe.c file, used in VLC and other products, leaves stale hwaccel state in worker threads. This allows attackers to trigger a use-after-free and execute arbitrary code under certain circumstances e.g., during hardware reinitialization upon...
Astra Linux – Vulnerability in ffmpeg
A heap-use-after-free in the avfreep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code...
Astra Linux – Vulnerability in ffmpeg5
The Ffmpeg v.N113007-g8d24a28d06 contains a buffer overflow vulnerability that allows a local attacker to execute arbitrary code through the libavfilter/avfshowspectrum.c:1789:52 component in showspectrumpicrequestframe...
Astra Linux – Vulnerability in ffmpeg5
FFmpeg v.n6.1-3-g466799d4f5 allows a heap-based buffer overflow through the ffgaussianblur8 function in libavfilter/edgetemplate.c:116:5 component...
CVE-2026-40962
FFmpeg before 8.1 is vulnerable to CVE-2026-40962 due to an integer overflow and out-of-bounds write from CENC subsample data in libavformat/mov.c. Multiple connected advisories note the fix in FFmpeg 8.1 or later (e.g., Mageia MGASA-2026-0153 and SUSE advisories referencing the CVE). Exploitatio...
CVE-2026-40962
FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC Common Encryption subsample data to libavformat/mov.c...
Linux Distros Unpatched Vulnerability : CVE-2026-30998
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows attackers to cause a Denial of Service DoS...
EUVD-2026-23098
A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds...
DEBIAN-CVE-2026-6385
A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds...
CVE-2026-6385
A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds...