Description
FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c.
Published: 2026-04-16
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Memory Corruption
Action: Apply Patch
AI Analysis

Impact

An integer overflow can occur when FFmpeg processes Common Encryption (CENC) subsample data, leading to an out‑of‑bounds write in libavformat/mov.c. This overflow arises from insufficient bounds checking during media parsing and can corrupt stack or heap memory, potentially causing an application crash.

Affected Systems

All releases of FFmpeg before version 8.1 are affected. Any deployment that processes media files containing CENC subsample information on those versions is susceptible.

Risk and Exploitability

The CVSS score of 4.9 indicates moderate severity. The EPSS score is less than 1%, and the vulnerability is not listed in the CISA KEV catalog. An attacker would need to supply a malicious media file with crafted CENC data to trigger the overflow. If an application uses FFmpeg to process untrusted media or accepts media from external sources, the risk of exploitation is higher. No widespread exploitation has been reported. Updating the library is the recommended mitigation.

Generated by OpenCVE AI on April 17, 2026 at 05:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to FFmpeg 8.1 or later to apply the integer‑overflow fix.
  • Disable or restrict CENC parsing in FFmpeg if the feature is not required, preventing malformed CENC data from being processed.
  • Run FFmpeg in a sandboxed or low‑privilege environment to limit the impact of any potential memory corruption.

Generated by OpenCVE AI on April 17, 2026 at 05:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Title FFmpeg: FFmpeg: Integer overflow and out-of-bounds write via CENC subsample data
Weaknesses CWE-787
References
Metrics threat_severity

None

 threat_severity

Moderate

Thu, 16 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 16 Apr 2026 01:45:00 +0000

Type Values Removed Values Added
Description FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c.
First Time appeared Ffmpeg
Ffmpeg ffmpeg
Weaknesses CWE-190
CPEs cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
Vendors & Products Ffmpeg
Ffmpeg ffmpeg
References
Metrics cvssV3_1

{'score': 4.9, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L'}

Subscriptions

Ffmpeg Ffmpeg
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-16T12:31:48.767Z

Reserved: 2026-04-16T01:33:36.641Z

Link: CVE-2026-40962

cve-icon Vulnrichment

Updated: 2026-04-16T12:20:14.391Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-16T02:16:12.227

Modified: 2026-04-20T19:54:35.317

Link: CVE-2026-40962

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-16T01:33:37Z

Links: CVE-2026-40962 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T06:00:09Z

Weaknesses