Lucene search
K

1041 matches found

NVD
NVD
added 2026/06/30 11:17 p.m.4 views

CVE-2026-13858

Out of bounds read in FFmpeg in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. Chromium security severity: Medium...

6.5CVSS0.00276EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:37 p.m.23 views

CVE-2026-13858

Out of bounds read in FFmpeg in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. Chromium security severity: Medium...

0.00276EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:37 p.m.15 views

CVE-2026-13858

CVE-2026-13858 involves an out-of-bounds read in FFmpeg when used by Google Chrome prior to version 150.0.7871.47. The vulnerability could allow a remote attacker to read process memory via a crafted video file, with the impact described as high confidentiality risk and no changes to integrity/av...

6.5CVSS5.8AI score0.00276EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-54135

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An out of bounds read occurs in FFmpeg, which is a multimedia framework used to handle audio, video, and other multimedia files. This issue allows a remote attacker to obtain potentiall...

9.6CVSS6AI score0.00413EPSS
Exploits0References438
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.8 views

SUSE SLES15 Security Update : ffmpeg-4 (SUSE-SU-2026:2444-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2444-1 advisory. This update for ffmpeg-4 fixes the following issues Update to version 4.4.7: - CVE-2023-6601: HLS Unsafe File Extension Bypass...

9.8CVSS7.1AI score0.00715EPSS
Exploits3References31
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.11 views

Astra Linux – Vulnerability in ffmpeg

Before ffmpeg version 4.3, the tty demuxer did not have a ‘readprobe’ function assigned to it. By creating a legitimate “ffconcat” file that references an image, followed by a file that triggers the tty demuxer, the contents of the second file will be copied into the output file verbatim as long ...

5.5CVSS6.8AI score0.0088EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in ffmpeg

FFmpeg version git commit de8e6e67e7523e48bb27ac224a0b446df05e1640 suffers from an assertion failure in src/libavutil/mathematics.c...

7.5CVSS6.5AI score0.0269EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in ffmpeg

An integer overflow vulnerability exists in the function filter16roberts in libavfilter/vfconvolution.c in Ffmpeg 4.2.1. This vulnerability allows attackers to cause a Denial of Service or other unspecified impacts...

8.8CVSS7AI score0.01182EPSS
Exploits1References2
CVE
CVE
added 2026/06/19 10:55 a.m.47 views

CVE-2026-12706

CVE-2026-12706 , in FFmpeg’s RASC video decoder, is a heap use-after-free in the decode_move() path. The decoder initializes a read pointer into a decompressed buffer, but the buffer is reallocated during move-table processing, leaving the pointer dangling. An attacker could craft an AVI file wit...

6.5CVSS6AI score0.00245EPSS
Exploits0References4
Rosalinux
Rosalinux
added 2026/06/01 12:37 p.m.12 views

Advisory ROSA-SA-2026-3312

Software: ffmpeg 4.4.6 OS: ROSA-CHROME Unaffected versions: = ffmpeg-4.4.6-4 Affected versions: ffmpeg-4.4.6-4 CVE-ID: CVE-2026-40962 BDU-ID: None CVE-Crit: Medium CVE-DESCRIPTION: The vulnerability related to integer overflow in FFmpeg allows an attacker to execute write operations beyond the...

9.8CVSS6AI score0.00337EPSS
Exploits1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.11 views

Astra Linux – Vulnerability in ffmpeg

In FFmpeg versions prior to 5.1.2, the libavcodec/pthreadframe.c file, used in VLC and other products, leaves stale hwaccel state in worker threads. This allows attackers to trigger a use-after-free and execute arbitrary code under certain circumstances e.g., during hardware reinitialization upon...

8.1CVSS7.4AI score0.01512EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in ffmpeg

A heap-use-after-free in the avfreep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code...

8.8CVSS7.1AI score0.01719EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in ffmpeg5

The Ffmpeg v.N113007-g8d24a28d06 contains a buffer overflow vulnerability that allows a local attacker to execute arbitrary code through the libavfilter/avfshowspectrum.c:1789:52 component in showspectrumpicrequestframe...

8CVSS7.4AI score0.00275EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in ffmpeg5

FFmpeg v.n6.1-3-g466799d4f5 allows a heap-based buffer overflow through the ffgaussianblur8 function in libavfilter/edgetemplate.c:116:5 component...

8CVSS7.1AI score0.00438EPSS
Exploits1References2
CVE
CVE
added 2026/04/16 1:33 a.m.67 views

CVE-2026-40962

FFmpeg before 8.1 is vulnerable to CVE-2026-40962 due to an integer overflow and out-of-bounds write from CENC subsample data in libavformat/mov.c. Multiple connected advisories note the fix in FFmpeg 8.1 or later (e.g., Mageia MGASA-2026-0153 and SUSE advisories referencing the CVE). Exploitatio...

9.8CVSS5.8AI score0.00134EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/16 1:33 a.m.4 views

CVE-2026-40962

FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC Common Encryption subsample data to libavformat/mov.c...

4.9CVSS5.8AI score0.00134EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-30998

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows attackers to cause a Denial of Service DoS...

7.5CVSS5.9AI score0.004EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/15 9:30 p.m.7 views

EUVD-2026-23098

A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds...

6.5CVSS6.1AI score0.00437EPSS
Exploits0References3
OSV
OSV
added 2026/04/15 8:16 p.m.5 views

DEBIAN-CVE-2026-6385

A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds...

6.5CVSS6AI score0.00437EPSS
Exploits0References1
NVD
NVD
added 2026/04/15 8:16 p.m.6 views

CVE-2026-6385

A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds...

6.5CVSS0.00437EPSS
Exploits0References2
Rows per page
Query Builder