CVE-2026-40962 PUBLISHED

Assigner: mitre
Reserved: 16.04.2026 Published: 16.04.2026 Updated: 16.04.2026

FFmpeg before 8.1 has an integer overflow and a resultant out-of-bounds write in libavformat/mov.c, triggered via CENC (Common Encryption) subsample data.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CVSS Score: 4.9

Product Status

Vendor FFmpeg
Product FFmpeg
Versions Default: unaffected
  • affected from 4.1 to 8.1 (excl.)

Problem Types

  • CWE-190 Integer Overflow or Wraparound