592 matches found
CVE-2026-35031
Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint POST /Videos/itemId/Subtitles, where the Format field is not validated, allowing path traversal via the file extension and enabling arbitrary file write. Th...
Linux Distros Unpatched Vulnerability : CVE-2026-6385
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DV...
Exploit for CVE-2026-35031
CVE-2026-35031: Jellyfin Subtitle Upload Path Traversal to RCE...
DEBIAN-CVE-2026-6385
A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds...
CVE-2026-6385
A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds...
CVE-2026-6385 Ffmpeg: ffmpeg: denial of service and potential arbitrary code execution via signed integer overflow in dvd subtitle parser
A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds...
CVE-2026-6385 Ffmpeg: ffmpeg: denial of service and potential arbitrary code execution via signed integer overflow in dvd subtitle parser
A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds...
CVE-2026-6385
FFmpeg vulnerability CVE-2026-6385: a signed integer overflow in the DVD subtitle parser’s fragment reassembly bounds checks can cause a heap out-of-bounds write when processing specially crafted MPEG-PS/VOB media with a malicious DVD subtitle stream. Impact includes denial of service via applica...
CVE-2026-6385
A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the DVD subtitle parser due to a signed-integer overflow in fragment-reassembly bounds checks. An attacker can trigger a heap out-of-bounds write by supplying a specially crafted MPEG-PS/VOB media file,...
PT-2026-33167
Name of the Vulnerable Software and Affected Versions FFmpeg affected versions not specified Description A signed integer overflow exists in the DVD subtitle parser's fragment reassembly bounds checks. A remote attacker can exploit this by providing a specially crafted MPEG-PS/VOB media file...
Red Hat AI Inference Server 安全漏洞
Red Hat AI Inference Server is a server product developed by Red Hat Inc. for artificial intelligence inference services. There is a security vulnerability in Red Hat AI Inference Server. This vulnerability stems from a symbolic integer overflow in the fragment recombination boundary check of the...
CVE-2026-35031
Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint POST /Videos/itemId/Subtitles, where the Format field is not validated, allowing path traversal via the file extension and enabling arbitrary file write. Th...
CVE-2026-35031
Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint POST /Videos/itemId/Subtitles, where the Format field is not validated, allowing path traversal via the file extension and enabling arbitrary file write. Th...
CVE-2026-35031
Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint POST /Videos/itemId/Subtitles, where the Format field is not validated, allowing path traversal via the file extension and enabling arbitrary file write. Th...
EUVD-2026-22764
Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint POST /Videos/itemId/Subtitles, where the Format field is not validated, allowing path traversal via the file extension and enabling arbitrary file write. Th...
CVE-2026-35031
Summary: Jellyfin versions before 10.11.7 are affected by a vulnerability in the subtitle upload endpoint (POST /Videos/{itemId}/Subtitles) where the Format field isn’t validated, allowing path traversal via the file extension and leading to arbitrary file write. This can be chained to read via ....
CVE-2026-35031 Jellyfin: Potential RCE via subtitle upload path traversal + .strm chain
Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint POST /Videos/itemId/Subtitles, where the Format field is not validated, allowing path traversal via the file extension and enabling arbitrary file write. Th...
CVE-2026-35031 Jellyfin: Potential RCE via subtitle upload path traversal + .strm chain
Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint POST /Videos/itemId/Subtitles, where the Format field is not validated, allowing path traversal via the file extension and enabling arbitrary file write. Th...
PT-2026-32956
Name of the Vulnerable Software and Affected Versions Jellyfin versions prior to 10.11.7 Description A flaw exists in the subtitle upload endpoint '/Videos/itemId/Subtitles' where the Format field is not validated. This allows path traversal via the file extension, enabling arbitrary file write...