Ffmpeg CVE-2026-40962

EUVD-2026-23153 · MEDIUM
Integer Overflow or Wraparound (CWE-190)
2026-04-16 · mitre
4.9 · CVSS 3.1 · NVD

Severity by source

NVD (primary) · 4.9 MEDIUM · AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
SUSE · MEDIUM · qualitative
Red Hat · 4.8 MEDIUM · qualitative

Primary rating from NVD.

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low

Lifecycle Timeline

6 events:
Patch released · Apr 20, 2026 - 19:54 · nvd · Patch available
Patch available · Apr 16, 2026 - 05:29 · EUVD · 8.1
Analysis Generated · Apr 16, 2026 - 01:50 · vuln.today
EUVD ID Assigned · Apr 16, 2026 - 01:45 · euvd · EUVD-2026-23153
Analysis Generated · Apr 16, 2026 - 01:45 · vuln.today
CVE Published · Apr 16, 2026 - 01:33 · nvd · MEDIUM 4.9

Description (CVE.org)

FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c.

Analysis (AI)

Integer overflow in FFmpeg's CENC subsample data parsing (libavformat/mov.c) before version 8.1 enables out-of-bounds memory writes on local systems processing specially crafted MP4 files. The vulnerability requires attacker-controlled media file input and non-default system configuration, limiting exploitation to local contexts; no active exploitation or public exploit code has been identified. …

Attack Chain (AI, derived)

Hypothetical attack flow derived from CVE metadata

Recon: Attacker crafts malformed MP4 file
Delivery: Places file on local system or shares via email/messaging
Exploit: User/service opens file with FFmpeg
Install: Parser processes CENC subsample data
C2: Integer overflow in offset calculation
Execute: Out-of-bounds heap/stack write
Impact: Memory corruption or information disclosure

Vulnerability Assessment (AI)

Exploitation: Exploitation requires the following specific, concrete conditions: (1) FFmpeg version before 8.1 must be installed and used to process media files; (2) the attacker must craft a specially malformed MP4 file with CENC subsample metadata that produces integer overflow in the offset calculation (the specific subsample count, size fields, or sample size values must combine to wrap an integer calculation in mov.c); (3) a local user or process must invoke FFmpeg to parse or process this malicious MP4 file (network remote exploitation is not possible; the attacker must have local file access or convince a user to process the file); (4) the system must allow the vulnerable FFmpeg process to write to memory regions that cause observable or exploitable corruption (ASLR disabled or weak ASLR increases exploitability). …

Risk Assessment: The CVSS vector (AV:L/AC:H/PR:N/UI:N) indicates local attack vector with high complexity and no privilege requirement, meaning the attacker must have local file system access and the system must be in a non-default state (high complexity factor). …

Exploit Scenario: An attacker crafts a malformed MP4 file with specially designed CENC subsample metadata that triggers integer overflow in the offset calculation within libavformat/mov.c. When a local user or automated media processing service opens this file with FFmpeg (e.g., to transcode, analyze, or extract metadata), the parser processes the subsample data, the integer overflow wraps the offset calculation to a small value, and the subsequent write operation corrupts memory at an attacker-controlled location relative to heap structures. …

Remediation: Upgrade FFmpeg to version 8.1 or later to obtain the upstream fix. …

Vendor Status

SUSE

Severity: Medium
Product · Status
SUSE Linux Enterprise Desktop 15 SP7 · Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 · Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 · Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP7 · Fixed

CVE-2026-40962 vulnerability details – vuln.today