Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
FFmpeg: Critical Data Corruption in Movie Files
DEBIAN-CVE-2026-40962
Summary
A critical security issue has been discovered in FFmpeg, a popular software used to process multimedia files. If exploited, this issue could allow an attacker to intentionally corrupt movie files, potentially leading to data loss or system crashes. Update to the latest version of FFmpeg to patch this issue.
What to do
- Update debian ffmpeg to version 7:8.1-1.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Debian:11 | debian | ffmpeg | All versions |
| Debian:12 | debian | ffmpeg | All versions |
| Debian:13 | debian | ffmpeg | All versions |
| Debian:14 | debian | ffmpeg |
< 7:8.1-1 Fix: upgrade to 7:8.1-1
|
Original title
FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c.
Original description
FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c.
- https://security-tracker.debian.org/tracker/CVE-2026-40962 Vendor Advisory
Published: 16 Apr 2026 · Updated: 16 Apr 2026 · First seen: 16 Apr 2026