7516 matches found
CVE-2026-13858
Out of bounds read in FFmpeg in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. Chromium security severity: Medium...
CVE-2026-13858
CVE-2026-13858 involves an out-of-bounds read in FFmpeg when used by Google Chrome prior to version 150.0.7871.47. The vulnerability could allow a remote attacker to read process memory via a crafted video file, with the impact described as high confidentiality risk and no changes to integrity/av...
PT-2026-54135
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 150.0.7871.47. Description: An out of bounds read occurs in FFmpeg, which is a multimedia framework used to handle audio, video, and other multimedia files. This issue allows a remote attacker to obtain potentiall...
CVE-2026-58049
A flaw was found in FFmpeg's RASC video decoder. A remote attacker could exploit this by providing a crafted media stream using the RASC FourCC (Four Character Code), which is then decoded by libavcodec. This vulnerability triggers a bitstream-controlled out-of-bounds heap write and an adjacent...
CVE-2026-58049
FFmpeg's RASC video decoder decode_dlta in libavcodec/rasc.c performs 32-bit reads and writes at the row cursor before the NEXT_LINE row-boundary check and validates the DLTA region in pixel rather than byte units, so a DLTA run on a PAL8 frame can access several bytes past the row allocation. A...
UBUNTU-CVE-2026-58049
FFmpeg's RASC video decoder decode_dlta in libavcodec/rasc.c performs 32-bit reads and writes at the row cursor before the NEXT_LINE row-boundary check and validates the DLTA region in pixel rather than byte units, so a DLTA run on a PAL8 frame can access several bytes past the row allocation. A...
CVE-2026-58049
CVE-2026-58049 concerns FFmpeg’s RASC video decoder (decode_dlta in libavcodec/rasc.c). The issue arises when the code performs 32-bit reads/writes at the row cursor before the NEXT_LINE boundary check and validates the DLTA region in pixels rather than bytes. On PAL8 frames, this enables a DLTA ...
Linux Distros Unpatched Vulnerability : CVE-2026-58049
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. FFmpeg's RASC video decoder decode_dlta in libavcodec/rasc.c performs 32-bit reads and writes at the row cursor before the NEXT_LINE row-boundary check and...
PT-2026-53081
Name of the Vulnerable Software and Affected Versions: FFmpeg versions prior to the latest patch. Description: The RASC video decoder in libavcodec contains a flaw where the decode_dlta function in libavcodec/rasc.c performs 32-bit reads and writes at the row cursor before the NEXT_LINE row-boundary...
FreeBSD : ffmpeg -- Out-of-bounds write (ba8d239f-709f-11f1-a30e-28d2443e6cfa)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ba8d239f-709f-11f1-a30e-28d2443e6cfa advisory. https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23159 reports: An out-of-bounds write vulnerability in...
JLSEC-2026-653 An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV...
An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libavcodec/magicyuv.c. This issue affects FFmpeg befor...
CVE-2026-48793
Jellyfin is an open source self hosted media server. Prior to 10.11.10, a potential FFmpeg argument injection vulnerability exists in the subtitle conversion code path. SubtitleEncoder.ConvertTextSubtitleToSrtInternal (SubtitleEncoder.cs, line 382) interpolates the subtitle file path into FFmpeg...
PixelSmash flaw turns video files into attack tools
A newly discovered vulnerability in FFmpeg’s MagicYUV decoder can turn a tiny, malformed video into a foothold for attackers. Researchers have disclosed PixelSmash, a critical vulnerability tracked as CVE-2026-8461, in FFmpeg’s MagicYUV video decoder with a CVSS score of 8.8. By crafting a...
OESA-2026-2696 ffmpeg security update
FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: A flaw was found in...
PT-2026-52059
Name of the Vulnerable Software and Affected Versions: Jellyfin versions prior to 10.11.10. Description: An argument injection issue exists in the subtitle conversion process. The function ConvertTextSubtitleToSrtInternal interpolates the subtitle file path into FFmpeg command-line arguments without...
[SECURITY] [DSA 6361-1] ffmpeg security update
Debian Security Advisory DSA-6361-1 https://www.debian.org/security/ Moritz Muehlenhoff June 22, 2026 https://www.debian.org/security/faq ...
Debian dsa-6361 : ffmpeg - security update
The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6361 advisory. Debian Security Advisory DSA-6361-1 https://www.debian.org/securit...