12 matches found
Advisory ROSA-SA-2026-3312
Software: ffmpeg 4.4.6; OS: ROSA-CHROME; Unaffected versions: = ffmpeg-4.4.6-4; Affected versions: ffmpeg-4.4.6-4; CVE-ID: CVE-2026-40962; BDU-ID: None; CVE-Crit: Medium; CVE-DESCRIPTION: The vulnerability related to integer overflow in FFmpeg allows an attacker to execute write operations beyond the...
Updated ffmpeg packages fix security vulnerabilities
An out-of-bounds read in the read_global_param function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. (CVE-2026-30997) FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC Common Encryption subsample data to...
SUSE CVE-2026-40962
FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC Common Encryption subsample data to libavformat/mov.c...
DEBIAN-CVE-2026-40962
FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC Common Encryption subsample data to libavformat/mov.c...
CVE-2026-40962
FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC Common Encryption subsample data to libavformat/mov.c...
EUVD-2026-23153
FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC Common Encryption subsample data to libavformat/mov.c...
CVE-2026-40962
FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC Common Encryption subsample data to libavformat/mov.c...
CVE-2021-35252
Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext...
Code injection
Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext...
CVE-2021-35252
The CVE-2021-35252 case covers SolarWinds Serv-U FTP Server where a common encryption key is used across all deployed instances, enabling plaintext recovery of an encrypted value exposed to an attacker. Public documents indicate affected software versions include Serv-U prior to 15.3.0 (per Nessu...
Bento4 'AP4_CencSampleEncryption::DoInspectFields' function buffer overflow vulnerability
Bento4 is an open source C++ library for reading and writing MP4 files. A buffer overflow vulnerability exists in the 'AP4_CencSampleEncryption::DoInspectFields' function in the Core/Ap4CommonEncryption.cpp file in Bento4 version 1.5.1.0. The vulnerability stems from a network system or product...
CVE-2019-17530
An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in AP4_PrintInspector::AddField in Core/Ap4Atom.cpp when called from AP4_CencSampleEncryption::DoInspectFields in Core/Ap4CommonEncryption.cpp, when called from AP4_Atom::Inspect in Core/Ap4Atom.cpp...