Description
A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds checks, leading to a heap out-of-bounds write. Successful exploitation can result in a denial of service (DoS) due to an application crash, and potentially lead to arbitrary code execution.
Published: 2026-04-15
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: Denial of Service and potential code execution
Action: Patch
AI Analysis

Impact

The vulnerability resides in FFmpeg's DVD subtitle parser. A specially crafted MPEG-PS/VOB file triggers a signed integer overflow during fragment reassembly, resulting in a heap out-of-bounds write. Consequences can include application crashes (Denial of Service) and, in worst cases, arbitrary code execution. The weakness is a numeric overflow (CWE-190).
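As an added illustration of the CWE-190 pattern this record describes (constructed example, not FFmpeg's code and not the upstream fix): a hypothetical fragment reassembler whose bounds check forms `used + len` in signed int arithmetic, beside a hardened check that compares without forming the sum. The struct, field names and buffer sizes are assumptions.

```c
/* Constructed example of a signed-overflow bounds check in fragment
 * reassembly, beside a hardened check. Not FFmpeg's code. */
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical reassembly buffer: fragments are appended at 'used'. */
struct reasm {
    unsigned char *buf;
    int cap;   /* allocated size in bytes */
    int used;  /* bytes written so far */
};

/* Naive check: 'used + len' overflows a signed int when 'len' comes from an
 * untrusted length field. Signed overflow is undefined behaviour in C, so the
 * wrapped value is emulated in 64-bit arithmetic here purely to show what the
 * comparison sees; it is never used to index memory. */
bool naive_check_passes(int used, int len, int cap) {
    int32_t sum = (int32_t)(uint32_t)((int64_t)used + len); /* emulate 32-bit wrap */
    return sum <= cap;   /* a wrapped, negative sum "passes" the check */
}

/* Hardened check: reject negatives and compare without forming the sum. */
bool safe_check_passes(int used, int len, int cap) {
    if (used < 0 || len < 0 || cap < 0) return false;
    if (used > cap) return false;
    return len <= cap - used;   /* cannot overflow: both operands lie in [0, cap] */
}

/* Append a fragment only when the hardened check accepts it.
 * Returns 0 on success, -1 when the fragment would not fit. */
int reasm_append(struct reasm *r, const unsigned char *frag, int len) {
    if (!safe_check_passes(r->used, len, r->cap)) return -1;
    memcpy(r->buf + r->used, frag, (size_t)len);
    r->used += len;
    return 0;
}

/* Drives a 16-byte buffer through two fitting fragments and one whose length
 * would overflow the naive sum; returns bytes stored once the bad one is
 * rejected (16), or a negative code if any step misbehaves. */
int demo_reassembly(void) {
    unsigned char buf[16];
    unsigned char frag[8] = {1, 2, 3, 4, 5, 6, 7, 8};
    struct reasm r = { buf, (int)sizeof buf, 0 };
    if (reasm_append(&r, frag, 8) != 0) return -1;
    if (reasm_append(&r, frag, 8) != 0) return -2;
    if (reasm_append(&r, frag, INT_MAX) != -1) return -3; /* must be rejected */
    return r.used;
}
```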

Affected Systems

Products impacted are Red Hat Lightspeed Core, Red Hat AI Inference Server, Red Hat Enterprise Linux AI 3, and Red Hat OpenShift AI. All installations that include FFmpeg are potentially vulnerable until a patch is applied; version specifics are not enumerated in the CNA entry.

Risk and Exploitability

The CVSS score is 6.5, indicating moderate severity. Exploitation requires delivering a crafted media file to a system running FFmpeg, typically through a media-processing service or by a user opening a malicious file. The attack is remote and needs only that the victim process the file. The absence of a published exploitation probability metric does not reduce the risk: successful exploitation can lead to a denial of service or, in the most severe scenario, arbitrary code execution.

Generated by OpenCVE AI on April 16, 2026 at 02:20 UTC.

Remediation

Vendor Workaround

To mitigate this issue, avoid processing untrusted MPEG-PS/VOB media files with FFmpeg. If FFmpeg is used in automated media processing services, implement strict input validation and isolation to prevent the ingestion of malicious files from untrusted sources. For end-user applications, refrain from opening or playing untrusted media files.


OpenCVE Recommended Actions

  • Update FFmpeg to a version that contains the overflow fix once it becomes available.
  • If an update is not immediately possible, run media-processing components in a sandbox and enforce strict input validation so that only trusted files are processed.
  • Avoid opening or playing untrusted MPEG-PS/VOB files in end-user applications, and limit the privileges of the FFmpeg process to reduce the impact of a crash or exploit.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 00:15:00 +0000

References
Metrics (threat_severity): removed "None", added "Moderate"

Wed, 15 Apr 2026 20:15:00 +0000

Metrics (ssvc): added {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 15 Apr 2026 19:30:00 +0000

Description: added "A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds checks, leading to a heap out-of-bounds write. Successful exploitation can result in a denial of service (DoS) due to an application crash, and potentially lead to arbitrary code execution."
Title: added "Ffmpeg: ffmpeg: denial of service and potential arbitrary code execution via signed integer overflow in dvd subtitle parser"
First Time appeared: added Redhat, Redhat ai Inference Server, Redhat enterprise Linux Ai, Redhat lightspeed Core, Redhat openshift Ai
Weaknesses: added CWE-190
CPEs: added cpe:/a:redhat:ai_inference_server:3, cpe:/a:redhat:enterprise_linux_ai:3, cpe:/a:redhat:lightspeed_core, cpe:/a:redhat:openshift_ai
Vendors & Products: added Redhat, Redhat ai Inference Server, Redhat enterprise Linux Ai, Redhat lightspeed Core, Redhat openshift Ai
References
Metrics (cvssV3_1): added {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-15T20:01:15.671Z

Reserved: 2026-04-15T19:11:41.901Z

Link: CVE-2026-6385

Vulnrichment

Updated: 2026-04-15T20:01:09.811Z

NVD

Status : Received

Published: 2026-04-15T20:16:44.230

Modified: 2026-04-15T20:16:44.230

Link: CVE-2026-6385

Redhat

Severity : Moderate

Public Date: 2026-04-15T19:11:47Z

Links: CVE-2026-6385 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-16T02:30:21Z

Weaknesses