<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-05-10T10:54:21.201341+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/2a8defd3-558e-47ab-8397-1baa02f07bc8/export</id>
    <title>2a8defd3-558e-47ab-8397-1baa02f07bc8</title>
    <updated>2026-05-10T10:54:21.242442+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>http://vulnerability.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "2a8defd3-558e-47ab-8397-1baa02f07bc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-3921", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/microsoft-edge-multiple-vulnerabilities_20260316", "content": "", "creation_timestamp": "2026-03-16T01:00:00.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/2a8defd3-558e-47ab-8397-1baa02f07bc8/export"/>
    <published>2026-03-16T01:00:00+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/92db4a2f-d2d7-42bc-bdb3-b33ab6fb0ddd/export</id>
    <title>92db4a2f-d2d7-42bc-bdb3-b33ab6fb0ddd</title>
    <updated>2026-05-10T10:54:21.242292+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "92db4a2f-d2d7-42bc-bdb3-b33ab6fb0ddd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39217", "type": "seen", "source": "https://gist.github.com/cla7aye15I4nd/f9a7700240afe7ae8171ee65682e890f", "content": "# FFmpeg CVE Disclosures \u2014 2026-05-07\n\n**Submitter:** zheng@depthfirst.com  \n**Submission Date:** 2026-05-07T14:03:40  \n**Product:** FFmpeg (libavformat, libswscale, libavcodec, fftools)  \n**Vendor:** FFmpeg Project \u2014 https://ffmpeg.org  \n\n---\n\n## CVE-2026-39210\n\n**Component:** `libavformat/mpegts.c` \u2014 `pmt_cb()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `pmt_cb()` in `libavformat/mpegts.c`. Processing a crafted MPEG-TS file with a malformed Program Map Table can write past the end of a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/5975149603  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21562  \n\n---\n\n## CVE-2026-39211\n\n**Component:** `libswscale/utils.c` \u2014 `initFilter()`  \n**Vulnerability Type:** Integer Overflow  \n**Description:** An integer overflow exists in `initFilter()` in `libswscale/utils.c`. A specially crafted scaling filter configuration can cause an integer overflow that results in an undersized buffer allocation, leading to subsequent out-of-bounds writes and potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/404775a141  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21536  \n\n---\n\n## CVE-2026-39212\n\n**Component:** `fftools/ffmpeg_opt.c` \u2014 `opt_preset()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `opt_preset()` in `fftools/ffmpeg_opt.c`. 
Processing a crafted preset file or preset name can trigger unbounded stack growth, leading to a stack exhaustion and crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0833dd3665  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21549  \n\n---\n\n## CVE-2026-39213\n\n**Component:** `libavformat/yuv4mpegenc.c` \u2014 `yuv4_write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `yuv4_write_packet()` in `libavformat/yuv4mpegenc.c`. Writing a crafted YUV4MPEG frame with unexpected dimensions or format parameters can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/b740b85872  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21552  \n\n---\n\n## CVE-2026-39214\n\n**Component:** `libavformat/mpegtsenc.c` \u2014 `mpegts_write_sdt()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `mpegts_write_sdt()` in `libavformat/mpegtsenc.c`. Muxing a crafted MPEG-TS stream with a malformed Service Description Table can exhaust stack space, leading to a crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/19c78cd6d9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21561  \n\n---\n\n## CVE-2026-39215\n\n**Component:** `libavcodec/mpegvideo_enc.c` \u2014 `update_mb_info()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `update_mb_info()` in `libavcodec/mpegvideo_enc.c`. Encoding a crafted video stream with particular macroblock parameters can write past the end of a heap-allocated macroblock info buffer, potentially leading to arbitrary code execution or denial of service.  
\n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/8eecba02c7  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21537  \n\n---\n\n## CVE-2026-39216\n\n**Component:** `libavformat/img2enc.c` \u2014 `write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `write_packet()` in `libavformat/img2enc.c`. Muxing image frames with unexpected or malformed metadata can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ca1c1f29ce  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21551  \n\n---\n\n## CVE-2026-39217\n\n**Component:** `libavcodec/vp9.c` \u2014 `vp9_decode_frame()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `vp9_decode_frame()` in `libavcodec/vp9.c`. Decoding a crafted VP9 bitstream can write beyond the bounds of a heap-allocated frame buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/38230db7b9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21550  \n\n---\n\n## CVE-2026-39218\n\n**Component:** `libavformat/dashdec.c` \u2014 `get_current_fragment()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `get_current_fragment()` in `libavformat/dashdec.c`. Parsing a crafted MPEG-DASH manifest with a malformed fragment URL or index can overflow a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  
\n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a97632827d  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21568  \n\n---\n\n*This document was created as a public reference to satisfy CVE minimum data requirements per MITRE CVE Team request (CMI: MCID15752843).*\n", "creation_timestamp": "2026-05-08T18:19:08.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/92db4a2f-d2d7-42bc-bdb3-b33ab6fb0ddd/export"/>
    <published>2026-05-08T18:19:08+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e65b4ae1-4968-4a10-b0d0-df88e9f3410c/export</id>
    <title>e65b4ae1-4968-4a10-b0d0-df88e9f3410c</title>
    <updated>2026-05-10T10:54:21.242134+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e65b4ae1-4968-4a10-b0d0-df88e9f3410c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39215", "type": "seen", "source": "https://gist.github.com/cla7aye15I4nd/f9a7700240afe7ae8171ee65682e890f", "content": "# FFmpeg CVE Disclosures \u2014 2026-05-07\n\n**Submitter:** zheng@depthfirst.com  \n**Submission Date:** 2026-05-07T14:03:40  \n**Product:** FFmpeg (libavformat, libswscale, libavcodec, fftools)  \n**Vendor:** FFmpeg Project \u2014 https://ffmpeg.org  \n\n---\n\n## CVE-2026-39210\n\n**Component:** `libavformat/mpegts.c` \u2014 `pmt_cb()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `pmt_cb()` in `libavformat/mpegts.c`. Processing a crafted MPEG-TS file with a malformed Program Map Table can write past the end of a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/5975149603  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21562  \n\n---\n\n## CVE-2026-39211\n\n**Component:** `libswscale/utils.c` \u2014 `initFilter()`  \n**Vulnerability Type:** Integer Overflow  \n**Description:** An integer overflow exists in `initFilter()` in `libswscale/utils.c`. A specially crafted scaling filter configuration can cause an integer overflow that results in an undersized buffer allocation, leading to subsequent out-of-bounds writes and potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/404775a141  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21536  \n\n---\n\n## CVE-2026-39212\n\n**Component:** `fftools/ffmpeg_opt.c` \u2014 `opt_preset()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `opt_preset()` in `fftools/ffmpeg_opt.c`. 
Processing a crafted preset file or preset name can trigger unbounded stack growth, leading to a stack exhaustion and crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0833dd3665  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21549  \n\n---\n\n## CVE-2026-39213\n\n**Component:** `libavformat/yuv4mpegenc.c` \u2014 `yuv4_write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `yuv4_write_packet()` in `libavformat/yuv4mpegenc.c`. Writing a crafted YUV4MPEG frame with unexpected dimensions or format parameters can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/b740b85872  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21552  \n\n---\n\n## CVE-2026-39214\n\n**Component:** `libavformat/mpegtsenc.c` \u2014 `mpegts_write_sdt()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `mpegts_write_sdt()` in `libavformat/mpegtsenc.c`. Muxing a crafted MPEG-TS stream with a malformed Service Description Table can exhaust stack space, leading to a crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/19c78cd6d9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21561  \n\n---\n\n## CVE-2026-39215\n\n**Component:** `libavcodec/mpegvideo_enc.c` \u2014 `update_mb_info()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `update_mb_info()` in `libavcodec/mpegvideo_enc.c`. Encoding a crafted video stream with particular macroblock parameters can write past the end of a heap-allocated macroblock info buffer, potentially leading to arbitrary code execution or denial of service.  
\n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/8eecba02c7  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21537  \n\n---\n\n## CVE-2026-39216\n\n**Component:** `libavformat/img2enc.c` \u2014 `write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `write_packet()` in `libavformat/img2enc.c`. Muxing image frames with unexpected or malformed metadata can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ca1c1f29ce  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21551  \n\n---\n\n## CVE-2026-39217\n\n**Component:** `libavcodec/vp9.c` \u2014 `vp9_decode_frame()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `vp9_decode_frame()` in `libavcodec/vp9.c`. Decoding a crafted VP9 bitstream can write beyond the bounds of a heap-allocated frame buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/38230db7b9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21550  \n\n---\n\n## CVE-2026-39218\n\n**Component:** `libavformat/dashdec.c` \u2014 `get_current_fragment()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `get_current_fragment()` in `libavformat/dashdec.c`. Parsing a crafted MPEG-DASH manifest with a malformed fragment URL or index can overflow a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  
\n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a97632827d  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21568  \n\n---\n\n*This document was created as a public reference to satisfy CVE minimum data requirements per MITRE CVE Team request (CMI: MCID15752843).*\n", "creation_timestamp": "2026-05-08T18:19:08.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e65b4ae1-4968-4a10-b0d0-df88e9f3410c/export"/>
    <published>2026-05-08T18:19:08+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/f52d1dc7-ef26-4636-89b8-7712ba26af7a/export</id>
    <title>f52d1dc7-ef26-4636-89b8-7712ba26af7a</title>
    <updated>2026-05-10T10:54:21.241987+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "f52d1dc7-ef26-4636-89b8-7712ba26af7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39216", "type": "seen", "source": "https://gist.github.com/cla7aye15I4nd/f9a7700240afe7ae8171ee65682e890f", "content": "# FFmpeg CVE Disclosures \u2014 2026-05-07\n\n**Submitter:** zheng@depthfirst.com  \n**Submission Date:** 2026-05-07T14:03:40  \n**Product:** FFmpeg (libavformat, libswscale, libavcodec, fftools)  \n**Vendor:** FFmpeg Project \u2014 https://ffmpeg.org  \n\n---\n\n## CVE-2026-39210\n\n**Component:** `libavformat/mpegts.c` \u2014 `pmt_cb()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `pmt_cb()` in `libavformat/mpegts.c`. Processing a crafted MPEG-TS file with a malformed Program Map Table can write past the end of a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/5975149603  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21562  \n\n---\n\n## CVE-2026-39211\n\n**Component:** `libswscale/utils.c` \u2014 `initFilter()`  \n**Vulnerability Type:** Integer Overflow  \n**Description:** An integer overflow exists in `initFilter()` in `libswscale/utils.c`. A specially crafted scaling filter configuration can cause an integer overflow that results in an undersized buffer allocation, leading to subsequent out-of-bounds writes and potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/404775a141  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21536  \n\n---\n\n## CVE-2026-39212\n\n**Component:** `fftools/ffmpeg_opt.c` \u2014 `opt_preset()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `opt_preset()` in `fftools/ffmpeg_opt.c`. 
Processing a crafted preset file or preset name can trigger unbounded stack growth, leading to a stack exhaustion and crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0833dd3665  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21549  \n\n---\n\n## CVE-2026-39213\n\n**Component:** `libavformat/yuv4mpegenc.c` \u2014 `yuv4_write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `yuv4_write_packet()` in `libavformat/yuv4mpegenc.c`. Writing a crafted YUV4MPEG frame with unexpected dimensions or format parameters can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/b740b85872  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21552  \n\n---\n\n## CVE-2026-39214\n\n**Component:** `libavformat/mpegtsenc.c` \u2014 `mpegts_write_sdt()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `mpegts_write_sdt()` in `libavformat/mpegtsenc.c`. Muxing a crafted MPEG-TS stream with a malformed Service Description Table can exhaust stack space, leading to a crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/19c78cd6d9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21561  \n\n---\n\n## CVE-2026-39215\n\n**Component:** `libavcodec/mpegvideo_enc.c` \u2014 `update_mb_info()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `update_mb_info()` in `libavcodec/mpegvideo_enc.c`. Encoding a crafted video stream with particular macroblock parameters can write past the end of a heap-allocated macroblock info buffer, potentially leading to arbitrary code execution or denial of service.  
\n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/8eecba02c7  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21537  \n\n---\n\n## CVE-2026-39216\n\n**Component:** `libavformat/img2enc.c` \u2014 `write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `write_packet()` in `libavformat/img2enc.c`. Muxing image frames with unexpected or malformed metadata can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ca1c1f29ce  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21551  \n\n---\n\n## CVE-2026-39217\n\n**Component:** `libavcodec/vp9.c` \u2014 `vp9_decode_frame()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `vp9_decode_frame()` in `libavcodec/vp9.c`. Decoding a crafted VP9 bitstream can write beyond the bounds of a heap-allocated frame buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/38230db7b9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21550  \n\n---\n\n## CVE-2026-39218\n\n**Component:** `libavformat/dashdec.c` \u2014 `get_current_fragment()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `get_current_fragment()` in `libavformat/dashdec.c`. Parsing a crafted MPEG-DASH manifest with a malformed fragment URL or index can overflow a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  
\n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a97632827d  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21568  \n\n---\n\n*This document was created as a public reference to satisfy CVE minimum data requirements per MITRE CVE Team request (CMI: MCID15752843).*\n", "creation_timestamp": "2026-05-08T18:19:08.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/f52d1dc7-ef26-4636-89b8-7712ba26af7a/export"/>
    <published>2026-05-08T18:19:08+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ccff5089-d0ed-4388-9429-3dff159fb520/export</id>
    <title>ccff5089-d0ed-4388-9429-3dff159fb520</title>
    <updated>2026-05-10T10:54:21.241847+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "ccff5089-d0ed-4388-9429-3dff159fb520", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39214", "type": "seen", "source": "https://gist.github.com/cla7aye15I4nd/f9a7700240afe7ae8171ee65682e890f", "content": "# FFmpeg CVE Disclosures \u2014 2026-05-07\n\n**Submitter:** zheng@depthfirst.com  \n**Submission Date:** 2026-05-07T14:03:40  \n**Product:** FFmpeg (libavformat, libswscale, libavcodec, fftools)  \n**Vendor:** FFmpeg Project \u2014 https://ffmpeg.org  \n\n---\n\n## CVE-2026-39210\n\n**Component:** `libavformat/mpegts.c` \u2014 `pmt_cb()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `pmt_cb()` in `libavformat/mpegts.c`. Processing a crafted MPEG-TS file with a malformed Program Map Table can write past the end of a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/5975149603  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21562  \n\n---\n\n## CVE-2026-39211\n\n**Component:** `libswscale/utils.c` \u2014 `initFilter()`  \n**Vulnerability Type:** Integer Overflow  \n**Description:** An integer overflow exists in `initFilter()` in `libswscale/utils.c`. A specially crafted scaling filter configuration can cause an integer overflow that results in an undersized buffer allocation, leading to subsequent out-of-bounds writes and potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/404775a141  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21536  \n\n---\n\n## CVE-2026-39212\n\n**Component:** `fftools/ffmpeg_opt.c` \u2014 `opt_preset()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `opt_preset()` in `fftools/ffmpeg_opt.c`. 
Processing a crafted preset file or preset name can trigger unbounded stack growth, leading to a stack exhaustion and crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0833dd3665  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21549  \n\n---\n\n## CVE-2026-39213\n\n**Component:** `libavformat/yuv4mpegenc.c` \u2014 `yuv4_write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `yuv4_write_packet()` in `libavformat/yuv4mpegenc.c`. Writing a crafted YUV4MPEG frame with unexpected dimensions or format parameters can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/b740b85872  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21552  \n\n---\n\n## CVE-2026-39214\n\n**Component:** `libavformat/mpegtsenc.c` \u2014 `mpegts_write_sdt()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `mpegts_write_sdt()` in `libavformat/mpegtsenc.c`. Muxing a crafted MPEG-TS stream with a malformed Service Description Table can exhaust stack space, leading to a crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/19c78cd6d9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21561  \n\n---\n\n## CVE-2026-39215\n\n**Component:** `libavcodec/mpegvideo_enc.c` \u2014 `update_mb_info()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `update_mb_info()` in `libavcodec/mpegvideo_enc.c`. Encoding a crafted video stream with particular macroblock parameters can write past the end of a heap-allocated macroblock info buffer, potentially leading to arbitrary code execution or denial of service.  
\n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/8eecba02c7  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21537  \n\n---\n\n## CVE-2026-39216\n\n**Component:** `libavformat/img2enc.c` \u2014 `write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `write_packet()` in `libavformat/img2enc.c`. Muxing image frames with unexpected or malformed metadata can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ca1c1f29ce  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21551  \n\n---\n\n## CVE-2026-39217\n\n**Component:** `libavcodec/vp9.c` \u2014 `vp9_decode_frame()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `vp9_decode_frame()` in `libavcodec/vp9.c`. Decoding a crafted VP9 bitstream can write beyond the bounds of a heap-allocated frame buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/38230db7b9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21550  \n\n---\n\n## CVE-2026-39218\n\n**Component:** `libavformat/dashdec.c` \u2014 `get_current_fragment()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `get_current_fragment()` in `libavformat/dashdec.c`. Parsing a crafted MPEG-DASH manifest with a malformed fragment URL or index can overflow a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  
\n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a97632827d  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21568  \n\n---\n\n*This document was created as a public reference to satisfy CVE minimum data requirements per MITRE CVE Team request (CMI: MCID15752843).*\n", "creation_timestamp": "2026-05-08T18:19:08.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ccff5089-d0ed-4388-9429-3dff159fb520/export"/>
    <published>2026-05-08T18:19:08+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/9816c0c1-ff6d-456b-8fa0-a735daeb1baf/export</id>
    <title>9816c0c1-ff6d-456b-8fa0-a735daeb1baf</title>
    <updated>2026-05-10T10:54:21.241674+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "9816c0c1-ff6d-456b-8fa0-a735daeb1baf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39212", "type": "seen", "source": "https://gist.github.com/cla7aye15I4nd/f9a7700240afe7ae8171ee65682e890f", "content": "# FFmpeg CVE Disclosures \u2014 2026-05-07\n\n**Submitter:** zheng@depthfirst.com  \n**Submission Date:** 2026-05-07T14:03:40  \n**Product:** FFmpeg (libavformat, libswscale, libavcodec, fftools)  \n**Vendor:** FFmpeg Project \u2014 https://ffmpeg.org  \n\n---\n\n## CVE-2026-39210\n\n**Component:** `libavformat/mpegts.c` \u2014 `pmt_cb()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `pmt_cb()` in `libavformat/mpegts.c`. Processing a crafted MPEG-TS file with a malformed Program Map Table can write past the end of a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/5975149603  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21562  \n\n---\n\n## CVE-2026-39211\n\n**Component:** `libswscale/utils.c` \u2014 `initFilter()`  \n**Vulnerability Type:** Integer Overflow  \n**Description:** An integer overflow exists in `initFilter()` in `libswscale/utils.c`. A specially crafted scaling filter configuration can cause an integer overflow that results in an undersized buffer allocation, leading to subsequent out-of-bounds writes and potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/404775a141  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21536  \n\n---\n\n## CVE-2026-39212\n\n**Component:** `fftools/ffmpeg_opt.c` \u2014 `opt_preset()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `opt_preset()` in `fftools/ffmpeg_opt.c`. 
Processing a crafted preset file or preset name can trigger unbounded stack growth, leading to a stack exhaustion and crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0833dd3665  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21549  \n\n---\n\n## CVE-2026-39213\n\n**Component:** `libavformat/yuv4mpegenc.c` \u2014 `yuv4_write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `yuv4_write_packet()` in `libavformat/yuv4mpegenc.c`. Writing a crafted YUV4MPEG frame with unexpected dimensions or format parameters can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/b740b85872  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21552  \n\n---\n\n## CVE-2026-39214\n\n**Component:** `libavformat/mpegtsenc.c` \u2014 `mpegts_write_sdt()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `mpegts_write_sdt()` in `libavformat/mpegtsenc.c`. Muxing a crafted MPEG-TS stream with a malformed Service Description Table can exhaust stack space, leading to a crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/19c78cd6d9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21561  \n\n---\n\n## CVE-2026-39215\n\n**Component:** `libavcodec/mpegvideo_enc.c` \u2014 `update_mb_info()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `update_mb_info()` in `libavcodec/mpegvideo_enc.c`. Encoding a crafted video stream with particular macroblock parameters can write past the end of a heap-allocated macroblock info buffer, potentially leading to arbitrary code execution or denial of service.  
\n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/8eecba02c7  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21537  \n\n---\n\n## CVE-2026-39216\n\n**Component:** `libavformat/img2enc.c` \u2014 `write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `write_packet()` in `libavformat/img2enc.c`. Muxing image frames with unexpected or malformed metadata can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ca1c1f29ce  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21551  \n\n---\n\n## CVE-2026-39217\n\n**Component:** `libavcodec/vp9.c` \u2014 `vp9_decode_frame()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `vp9_decode_frame()` in `libavcodec/vp9.c`. Decoding a crafted VP9 bitstream can write beyond the bounds of a heap-allocated frame buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/38230db7b9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21550  \n\n---\n\n## CVE-2026-39218\n\n**Component:** `libavformat/dashdec.c` \u2014 `get_current_fragment()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `get_current_fragment()` in `libavformat/dashdec.c`. Parsing a crafted MPEG-DASH manifest with a malformed fragment URL or index can overflow a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  
\n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a97632827d  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21568  \n\n---\n\n*This document was created as a public reference to satisfy CVE minimum data requirements per MITRE CVE Team request (CMI: MCID15752843).*\n", "creation_timestamp": "2026-05-08T18:19:08.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/9816c0c1-ff6d-456b-8fa0-a735daeb1baf/export"/>
    <published>2026-05-08T18:19:08+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c2e21e35-06cd-4b53-8627-2a8dde39237f/export</id>
    <title>c2e21e35-06cd-4b53-8627-2a8dde39237f</title>
    <updated>2026-05-10T10:54:21.241519+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c2e21e35-06cd-4b53-8627-2a8dde39237f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39211", "type": "seen", "source": "https://gist.github.com/cla7aye15I4nd/f9a7700240afe7ae8171ee65682e890f", "content": "# FFmpeg CVE Disclosures \u2014 2026-05-07\n\n**Submitter:** zheng@depthfirst.com  \n**Submission Date:** 2026-05-07T14:03:40  \n**Product:** FFmpeg (libavformat, libswscale, libavcodec, fftools)  \n**Vendor:** FFmpeg Project \u2014 https://ffmpeg.org  \n\n---\n\n## CVE-2026-39210\n\n**Component:** `libavformat/mpegts.c` \u2014 `pmt_cb()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `pmt_cb()` in `libavformat/mpegts.c`. Processing a crafted MPEG-TS file with a malformed Program Map Table can write past the end of a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/5975149603  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21562  \n\n---\n\n## CVE-2026-39211\n\n**Component:** `libswscale/utils.c` \u2014 `initFilter()`  \n**Vulnerability Type:** Integer Overflow  \n**Description:** An integer overflow exists in `initFilter()` in `libswscale/utils.c`. A specially crafted scaling filter configuration can cause an integer overflow that results in an undersized buffer allocation, leading to subsequent out-of-bounds writes and potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/404775a141  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21536  \n\n---\n\n## CVE-2026-39212\n\n**Component:** `fftools/ffmpeg_opt.c` \u2014 `opt_preset()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `opt_preset()` in `fftools/ffmpeg_opt.c`. 
Processing a crafted preset file or preset name can trigger unbounded stack growth, leading to a stack exhaustion and crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0833dd3665  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21549  \n\n---\n\n## CVE-2026-39213\n\n**Component:** `libavformat/yuv4mpegenc.c` \u2014 `yuv4_write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `yuv4_write_packet()` in `libavformat/yuv4mpegenc.c`. Writing a crafted YUV4MPEG frame with unexpected dimensions or format parameters can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/b740b85872  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21552  \n\n---\n\n## CVE-2026-39214\n\n**Component:** `libavformat/mpegtsenc.c` \u2014 `mpegts_write_sdt()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `mpegts_write_sdt()` in `libavformat/mpegtsenc.c`. Muxing a crafted MPEG-TS stream with a malformed Service Description Table can exhaust stack space, leading to a crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/19c78cd6d9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21561  \n\n---\n\n## CVE-2026-39215\n\n**Component:** `libavcodec/mpegvideo_enc.c` \u2014 `update_mb_info()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `update_mb_info()` in `libavcodec/mpegvideo_enc.c`. Encoding a crafted video stream with particular macroblock parameters can write past the end of a heap-allocated macroblock info buffer, potentially leading to arbitrary code execution or denial of service.  
\n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/8eecba02c7  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21537  \n\n---\n\n## CVE-2026-39216\n\n**Component:** `libavformat/img2enc.c` \u2014 `write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `write_packet()` in `libavformat/img2enc.c`. Muxing image frames with unexpected or malformed metadata can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ca1c1f29ce  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21551  \n\n---\n\n## CVE-2026-39217\n\n**Component:** `libavcodec/vp9.c` \u2014 `vp9_decode_frame()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `vp9_decode_frame()` in `libavcodec/vp9.c`. Decoding a crafted VP9 bitstream can write beyond the bounds of a heap-allocated frame buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/38230db7b9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21550  \n\n---\n\n## CVE-2026-39218\n\n**Component:** `libavformat/dashdec.c` \u2014 `get_current_fragment()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `get_current_fragment()` in `libavformat/dashdec.c`. Parsing a crafted MPEG-DASH manifest with a malformed fragment URL or index can overflow a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  
\n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a97632827d  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21568  \n\n---\n\n*This document was created as a public reference to satisfy CVE minimum data requirements per MITRE CVE Team request (CMI: MCID15752843).*\n", "creation_timestamp": "2026-05-08T18:19:08.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c2e21e35-06cd-4b53-8627-2a8dde39237f/export"/>
    <published>2026-05-08T18:19:08+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b22077f5-fea9-4a21-8ad1-76891b19bdf1/export</id>
    <title>b22077f5-fea9-4a21-8ad1-76891b19bdf1</title>
    <updated>2026-05-10T10:54:21.241369+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b22077f5-fea9-4a21-8ad1-76891b19bdf1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39210", "type": "seen", "source": "https://gist.github.com/cla7aye15I4nd/f9a7700240afe7ae8171ee65682e890f", "content": "# FFmpeg CVE Disclosures \u2014 2026-05-07\n\n**Submitter:** zheng@depthfirst.com  \n**Submission Date:** 2026-05-07T14:03:40  \n**Product:** FFmpeg (libavformat, libswscale, libavcodec, fftools)  \n**Vendor:** FFmpeg Project \u2014 https://ffmpeg.org  \n\n---\n\n## CVE-2026-39210\n\n**Component:** `libavformat/mpegts.c` \u2014 `pmt_cb()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `pmt_cb()` in `libavformat/mpegts.c`. Processing a crafted MPEG-TS file with a malformed Program Map Table can write past the end of a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/5975149603  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21562  \n\n---\n\n## CVE-2026-39211\n\n**Component:** `libswscale/utils.c` \u2014 `initFilter()`  \n**Vulnerability Type:** Integer Overflow  \n**Description:** An integer overflow exists in `initFilter()` in `libswscale/utils.c`. A specially crafted scaling filter configuration can cause an integer overflow that results in an undersized buffer allocation, leading to subsequent out-of-bounds writes and potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/404775a141  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21536  \n\n---\n\n## CVE-2026-39212\n\n**Component:** `fftools/ffmpeg_opt.c` \u2014 `opt_preset()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `opt_preset()` in `fftools/ffmpeg_opt.c`. 
Processing a crafted preset file or preset name can trigger unbounded stack growth, leading to a stack exhaustion and crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0833dd3665  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21549  \n\n---\n\n## CVE-2026-39213\n\n**Component:** `libavformat/yuv4mpegenc.c` \u2014 `yuv4_write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `yuv4_write_packet()` in `libavformat/yuv4mpegenc.c`. Writing a crafted YUV4MPEG frame with unexpected dimensions or format parameters can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/b740b85872  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21552  \n\n---\n\n## CVE-2026-39214\n\n**Component:** `libavformat/mpegtsenc.c` \u2014 `mpegts_write_sdt()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `mpegts_write_sdt()` in `libavformat/mpegtsenc.c`. Muxing a crafted MPEG-TS stream with a malformed Service Description Table can exhaust stack space, leading to a crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/19c78cd6d9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21561  \n\n---\n\n## CVE-2026-39215\n\n**Component:** `libavcodec/mpegvideo_enc.c` \u2014 `update_mb_info()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `update_mb_info()` in `libavcodec/mpegvideo_enc.c`. Encoding a crafted video stream with particular macroblock parameters can write past the end of a heap-allocated macroblock info buffer, potentially leading to arbitrary code execution or denial of service.  
\n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/8eecba02c7  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21537  \n\n---\n\n## CVE-2026-39216\n\n**Component:** `libavformat/img2enc.c` \u2014 `write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `write_packet()` in `libavformat/img2enc.c`. Muxing image frames with unexpected or malformed metadata can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ca1c1f29ce  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21551  \n\n---\n\n## CVE-2026-39217\n\n**Component:** `libavcodec/vp9.c` \u2014 `vp9_decode_frame()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `vp9_decode_frame()` in `libavcodec/vp9.c`. Decoding a crafted VP9 bitstream can write beyond the bounds of a heap-allocated frame buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/38230db7b9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21550  \n\n---\n\n## CVE-2026-39218\n\n**Component:** `libavformat/dashdec.c` \u2014 `get_current_fragment()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `get_current_fragment()` in `libavformat/dashdec.c`. Parsing a crafted MPEG-DASH manifest with a malformed fragment URL or index can overflow a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  
\n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a97632827d  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21568  \n\n---\n\n*This document was created as a public reference to satisfy CVE minimum data requirements per MITRE CVE Team request (CMI: MCID15752843).*\n", "creation_timestamp": "2026-05-08T18:19:08.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b22077f5-fea9-4a21-8ad1-76891b19bdf1/export"/>
    <published>2026-05-08T18:19:08+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/6f379224-a8ea-4907-9ddb-97d36b9a0181/export</id>
    <title>6f379224-a8ea-4907-9ddb-97d36b9a0181</title>
    <updated>2026-05-10T10:54:21.241167+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "6f379224-a8ea-4907-9ddb-97d36b9a0181", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39213", "type": "seen", "source": "https://gist.github.com/cla7aye15I4nd/f9a7700240afe7ae8171ee65682e890f", "content": "# FFmpeg CVE Disclosures \u2014 2026-05-07\n\n**Submitter:** zheng@depthfirst.com  \n**Submission Date:** 2026-05-07T14:03:40  \n**Product:** FFmpeg (libavformat, libswscale, libavcodec, fftools)  \n**Vendor:** FFmpeg Project \u2014 https://ffmpeg.org  \n\n---\n\n## CVE-2026-39210\n\n**Component:** `libavformat/mpegts.c` \u2014 `pmt_cb()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `pmt_cb()` in `libavformat/mpegts.c`. Processing a crafted MPEG-TS file with a malformed Program Map Table can write past the end of a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/5975149603  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21562  \n\n---\n\n## CVE-2026-39211\n\n**Component:** `libswscale/utils.c` \u2014 `initFilter()`  \n**Vulnerability Type:** Integer Overflow  \n**Description:** An integer overflow exists in `initFilter()` in `libswscale/utils.c`. A specially crafted scaling filter configuration can cause an integer overflow that results in an undersized buffer allocation, leading to subsequent out-of-bounds writes and potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/404775a141  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21536  \n\n---\n\n## CVE-2026-39212\n\n**Component:** `fftools/ffmpeg_opt.c` \u2014 `opt_preset()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `opt_preset()` in `fftools/ffmpeg_opt.c`. 
Processing a crafted preset file or preset name can trigger unbounded stack growth, leading to a stack exhaustion and crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0833dd3665  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21549  \n\n---\n\n## CVE-2026-39213\n\n**Component:** `libavformat/yuv4mpegenc.c` \u2014 `yuv4_write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `yuv4_write_packet()` in `libavformat/yuv4mpegenc.c`. Writing a crafted YUV4MPEG frame with unexpected dimensions or format parameters can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/b740b85872  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21552  \n\n---\n\n## CVE-2026-39214\n\n**Component:** `libavformat/mpegtsenc.c` \u2014 `mpegts_write_sdt()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `mpegts_write_sdt()` in `libavformat/mpegtsenc.c`. Muxing a crafted MPEG-TS stream with a malformed Service Description Table can exhaust stack space, leading to a crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/19c78cd6d9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21561  \n\n---\n\n## CVE-2026-39215\n\n**Component:** `libavcodec/mpegvideo_enc.c` \u2014 `update_mb_info()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `update_mb_info()` in `libavcodec/mpegvideo_enc.c`. Encoding a crafted video stream with particular macroblock parameters can write past the end of a heap-allocated macroblock info buffer, potentially leading to arbitrary code execution or denial of service.  
\n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/8eecba02c7  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21537  \n\n---\n\n## CVE-2026-39216\n\n**Component:** `libavformat/img2enc.c` \u2014 `write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `write_packet()` in `libavformat/img2enc.c`. Muxing image frames with unexpected or malformed metadata can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ca1c1f29ce  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21551  \n\n---\n\n## CVE-2026-39217\n\n**Component:** `libavcodec/vp9.c` \u2014 `vp9_decode_frame()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `vp9_decode_frame()` in `libavcodec/vp9.c`. Decoding a crafted VP9 bitstream can write beyond the bounds of a heap-allocated frame buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/38230db7b9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21550  \n\n---\n\n## CVE-2026-39218\n\n**Component:** `libavformat/dashdec.c` \u2014 `get_current_fragment()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `get_current_fragment()` in `libavformat/dashdec.c`. Parsing a crafted MPEG-DASH manifest with a malformed fragment URL or index can overflow a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  
\n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a97632827d  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21568  \n\n---\n\n*This document was created as a public reference to satisfy CVE minimum data requirements per MITRE CVE Team request (CMI: MCID15752843).*\n", "creation_timestamp": "2026-05-08T18:19:08.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/6f379224-a8ea-4907-9ddb-97d36b9a0181/export"/>
    <published>2026-05-08T18:19:08+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b7088c30-7e95-4d55-bb65-a683d4af3c3e/export</id>
    <title>b7088c30-7e95-4d55-bb65-a683d4af3c3e</title>
    <updated>2026-05-10T10:54:21.239227+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b7088c30-7e95-4d55-bb65-a683d4af3c3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39218", "type": "seen", "source": "https://gist.github.com/cla7aye15I4nd/f9a7700240afe7ae8171ee65682e890f", "content": "# FFmpeg CVE Disclosures \u2014 2026-05-07\n\n**Submitter:** zheng@depthfirst.com  \n**Submission Date:** 2026-05-07T14:03:40  \n**Product:** FFmpeg (libavformat, libswscale, libavcodec, fftools)  \n**Vendor:** FFmpeg Project \u2014 https://ffmpeg.org  \n\n---\n\n## CVE-2026-39210\n\n**Component:** `libavformat/mpegts.c` \u2014 `pmt_cb()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `pmt_cb()` in `libavformat/mpegts.c`. Processing a crafted MPEG-TS file with a malformed Program Map Table can write past the end of a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/5975149603  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21562  \n\n---\n\n## CVE-2026-39211\n\n**Component:** `libswscale/utils.c` \u2014 `initFilter()`  \n**Vulnerability Type:** Integer Overflow  \n**Description:** An integer overflow exists in `initFilter()` in `libswscale/utils.c`. A specially crafted scaling filter configuration can cause an integer overflow that results in an undersized buffer allocation, leading to subsequent out-of-bounds writes and potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/404775a141  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21536  \n\n---\n\n## CVE-2026-39212\n\n**Component:** `fftools/ffmpeg_opt.c` \u2014 `opt_preset()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `opt_preset()` in `fftools/ffmpeg_opt.c`. 
Processing a crafted preset file or preset name can trigger unbounded stack growth, leading to a stack exhaustion and crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0833dd3665  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21549  \n\n---\n\n## CVE-2026-39213\n\n**Component:** `libavformat/yuv4mpegenc.c` \u2014 `yuv4_write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `yuv4_write_packet()` in `libavformat/yuv4mpegenc.c`. Writing a crafted YUV4MPEG frame with unexpected dimensions or format parameters can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/b740b85872  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21552  \n\n---\n\n## CVE-2026-39214\n\n**Component:** `libavformat/mpegtsenc.c` \u2014 `mpegts_write_sdt()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `mpegts_write_sdt()` in `libavformat/mpegtsenc.c`. Muxing a crafted MPEG-TS stream with a malformed Service Description Table can exhaust stack space, leading to a crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/19c78cd6d9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21561  \n\n---\n\n## CVE-2026-39215\n\n**Component:** `libavcodec/mpegvideo_enc.c` \u2014 `update_mb_info()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `update_mb_info()` in `libavcodec/mpegvideo_enc.c`. Encoding a crafted video stream with particular macroblock parameters can write past the end of a heap-allocated macroblock info buffer, potentially leading to arbitrary code execution or denial of service.  
\n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/8eecba02c7  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21537  \n\n---\n\n## CVE-2026-39216\n\n**Component:** `libavformat/img2enc.c` \u2014 `write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `write_packet()` in `libavformat/img2enc.c`. Muxing image frames with unexpected or malformed metadata can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ca1c1f29ce  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21551  \n\n---\n\n## CVE-2026-39217\n\n**Component:** `libavcodec/vp9.c` \u2014 `vp9_decode_frame()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `vp9_decode_frame()` in `libavcodec/vp9.c`. Decoding a crafted VP9 bitstream can write beyond the bounds of a heap-allocated frame buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/38230db7b9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21550  \n\n---\n\n## CVE-2026-39218\n\n**Component:** `libavformat/dashdec.c` \u2014 `get_current_fragment()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `get_current_fragment()` in `libavformat/dashdec.c`. Parsing a crafted MPEG-DASH manifest with a malformed fragment URL or index can overflow a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  
\n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a97632827d  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21568  \n\n---\n\n*This document was created as a public reference to satisfy CVE minimum data requirements per MITRE CVE Team request (CMI: MCID15752843).*\n", "creation_timestamp": "2026-05-08T18:19:08.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b7088c30-7e95-4d55-bb65-a683d4af3c3e/export"/>
    <published>2026-05-08T18:19:08+00:00</published>
  </entry>
</feed>
