Is N A affected by CVE-2026-30997?

FFmpeg 8.0.1 contains a critical out-of-bounds read vulnerability in its AV1 video decoder that allows remote attackers to crash video processing services by submitting malicious video files, impacting any organization running media servers, transcoders, or browser-based video platforms that depend…

CVE-2026-30997

EUVD-2026-21972 HIGH

2026-04-13 mitre

Denial Of Service Buffer Overflow Information Disclosure N A

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Apr 15, 2026 - 12:29 vuln.today

CVSS Changed

Apr 13, 2026 - 20:22 NVD

7.5 (HIGH)

DescriptionNVD

An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.

AnalysisAI

Out-of-bounds read in FFmpeg 8.0.1's AV1 decoder allows remote denial-of-service via malicious video files. Attackers craft inputs targeting read_global_param() in libavcodec/av1dec.c to trigger memory access violations, crashing the decoder. …

RemediationAI

Within 24 hours: Identify all systems running FFmpeg 8.0.1 and document their network exposure, particularly media servers and video transcoding services. Within 7 days: Implement network-level controls restricting AV1 video file uploads from untrusted sources, and disable AV1 decoding in FFmpeg configurations where feasible until a patch is released. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-30997 vulnerability details – vuln.today

Back

CVE-2026-30997

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code