7516 matches found

NVD
added 4 days ago | 4 views

CVE-2026-13858

Out of bounds read in FFmpeg in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. Chromium security severity: Medium...

CVSS 6.5 | EPSS 0.00276
Exploits: 0 | References: 2

Debian CVE
added 4 days ago | 3 views

CVE-2026-13858

Out of bounds read in FFmpeg in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. Chromium security severity: Medium...

CVSS 6.5 | AI score 5.8 | EPSS 0.00276
Exploits: 0

CVE
added 4 days ago | 9 views

CVE-2026-13858

CVE-2026-13858 involves an out-of-bounds read in FFmpeg when used by Google Chrome prior to version 150.0.7871.47. The vulnerability could allow a remote attacker to read process memory via a crafted video file, with the impact described as high confidentiality risk and no changes to integrity/av...

CVSS 6.5 | AI score 5.8 | EPSS 0.00276
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 4 days ago | 20 views

CVE-2026-13858

Out of bounds read in FFmpeg in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. Chromium security severity: Medium...

EPSS 0.00276
Exploits: 0 | References: 2

Positive Technologies
added 4 days ago | 4 views

PT-2026-54135

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 150.0.7871.47. Description: An out of bounds read occurs in FFmpeg, which is a multimedia framework used to handle audio, video, and other multimedia files. This issue allows a remote attacker to obtain potentiall...

CVSS 6.5 | AI score 6 | EPSS 0.00276
Exploits: 0 | References: 4

RedhatCVE
added 5 days ago | 4 views

CVE-2026-58049

A flaw was found in FFmpeg's RASC video decoder. A remote attacker could exploit this by providing a crafted media stream using the RASC FourCC (Four Character Code), which is then decoded by libavcodec. This vulnerability triggers a bitstream-controlled out-of-bounds heap write and an adjacent...

CVSS 8.8 | AI score 6 | EPSS 0.00217
Exploits: 0 | References: 6

NVD
added 6 days ago | 18 views

CVE-2026-58049

FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at the row cursor before the NEXT_LINE row-boundary check and validates the DLTA region in pixel rather than byte units, so a DLTA run on a PAL8 frame can access several bytes past the row allocation. A...

CVSS 8.8 | EPSS 0.00217
Exploits: 0 | References: 6

OSV
added 6 days ago | 3 views

UBUNTU-CVE-2026-58049

FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at the row cursor before the NEXT_LINE row-boundary check and validates the DLTA region in pixel rather than byte units, so a DLTA run on a PAL8 frame can access several bytes past the row allocation. A...

CVSS 8.8 | AI score 5.8 | EPSS 0.00217
Exploits: 0 | References: 5

Debian CVE
added 6 days ago | 5 views

CVE-2026-58049

FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at the row cursor before the NEXT_LINE row-boundary check and validates the DLTA region in pixel rather than byte units, so a DLTA run on a PAL8 frame can access several bytes past the row allocation. A...

CVSS 8.8 | AI score 5.8 | EPSS 0.00217
Exploits: 0

CVE
added 6 days ago | 34 views

CVE-2026-58049

CVE-2026-58049 concerns FFmpeg’s RASC video decoder (decode_dlta in libavcodec/rasc.c). The issue arises when the code performs 32-bit reads/writes at the row cursor before the NEXT_LINE boundary check and validates the DLTA region in pixels rather than bytes. On PAL8 frames, this enables a DLTA ...

CVSS 8.8 | AI score 5.8 | EPSS 0.00217
Exploits: 0 | References: 6

Tenable Nessus
added 6 days ago | 10 views

Linux Distros Unpatched Vulnerability : CVE-2026-58049

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at the row cursor before the NEXT_LINE row-boundary check and...

CVSS 8.8 | AI score 5.8 | EPSS 0.00217
Exploits: 0 | References: 3

Positive Technologies
added 6 days ago | 10 views

PT-2026-53081

Name of the Vulnerable Software and Affected Versions: FFmpeg versions prior to the latest patch. Description: The RASC video decoder in libavcodec contains a flaw where the decode_dlta function in libavcodec/rasc.c performs 32-bit reads and writes at the row cursor before the NEXT_LINE row-boundary...

CVSS 8.8 | AI score 6 | EPSS 0.00217
Exploits: 0 | References: 7

Tenable Nessus
added 6 days ago | 8 views

FreeBSD : ffmpeg -- Out-of-bounds write (ba8d239f-709f-11f1-a30e-28d2443e6cfa)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ba8d239f-709f-11f1-a30e-28d2443e6cfa advisory. https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23159 reports: An out-of-bounds write vulnerability in...

CVSS 8.8 | AI score 6.1 | EPSS 0.00477
Exploits: 3 | References: 4

OSV
added 2026/06/26 8:24 p.m. | 2 views

JLSEC-2026-653 An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV...

An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libavcodec/magicyuv.C. This issue affects FFmpeg befor...

CVSS 8.8 | AI score 6 | EPSS 0.00477
Exploits: 3 | References: 3

NVD
added 2026/06/24 7:17 p.m. | 11 views

CVE-2026-48793

Jellyfin is an open source self hosted media server. Prior to 10.11.10, a potential FFmpeg argument injection vulnerability exists in the subtitle conversion code path. SubtitleEncoder.ConvertTextSubtitleToSrtInternal (SubtitleEncoder.cs, line 382) interpolates the subtitle file path into FFmpeg...

CVSS 8.8 | EPSS 0.00357
Exploits: 0 | References: 1

Malwarebytes
added 2026/06/24 5:23 p.m. | 5 views

PixelSmash flaw turns video files into attack tools

A newly discovered vulnerability in FFmpeg’s MagicYUV decoder can turn a tiny, malformed video into a foothold for attackers. Researchers have disclosed PixelSmash, a critical vulnerability tracked as CVE-2026-8461, in FFmpeg’s MagicYUV video decoder with a CVSS score of 8.8. By crafting a...

CVSS 8.8 | AI score 6.6 | EPSS 0.00477
Exploits: 3

OSV
added 2026/06/24 1:10 p.m. | 4 views

OESA-2026-2696 ffmpeg security update

FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: A flaw was found in...

CVSS 8.8 | AI score 6.1 | EPSS 0.00477
Exploits: 4 | References: 3

Positive Technologies
added 2026/06/24 12:0 a.m. | 5 views

PT-2026-52059

Name of the Vulnerable Software and Affected Versions: Jellyfin versions prior to 10.11.10. Description: An argument injection issue exists in the subtitle conversion process. The function ConvertTextSubtitleToSrtInternal interpolates the subtitle file path into FFmpeg command-line arguments without...

CVSS 8.8 | AI score 5.9 | EPSS 0.00357
Exploits: 0 | References: 5

Debian
added 2026/06/22 7:26 p.m. | 10 views

[SECURITY] [DSA 6361-1] ffmpeg security update

Debian Security Advisory DSA-6361-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 22, 2026 https://www.debian.org/security/faq -...

CVSS 8.8 | AI score 6.1 | EPSS 0.00477
Exploits: 4

Tenable Nessus
added 2026/06/22 12:0 a.m. | 3 views

Debian dsa-6361 : ffmpeg - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6361 advisory. Debian Security Advisory DSA-6361-1 [email protected] https://www.debian.org/securit...

CVSS 8.8 | AI score 7.1 | EPSS 0.00477
Exploits: 4 | References: 8