{"vulnerability": "CVE-2026-3921", "sightings": [{"uuid": "4567d4b8-7133-484a-8982-94fa41d662bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-3921", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities_20260312", "content": "", "creation_timestamp": "2026-03-12T01:00:00.000000Z"}, {"uuid": "e9db485d-9d13-4862-ba96-6a450f59ec9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-3921", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0298/", "content": "", "creation_timestamp": "2026-03-16T00:00:00.000000Z"}, {"uuid": "5928869c-c38a-4405-a891-8987995df82e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-3921", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mgvfldg3v42s", "content": "", "creation_timestamp": "2026-03-12T22:00:49.674213Z"}, {"uuid": "b7088c30-7e95-4d55-bb65-a683d4af3c3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39218", "type": "seen", "source": "https://gist.github.com/cla7aye15I4nd/f9a7700240afe7ae8171ee65682e890f", "content": "# FFmpeg CVE Disclosures \u2014 2026-05-07\n\n**Submitter:** zheng@depthfirst.com  \n**Submission Date:** 2026-05-07T14:03:40  \n**Product:** FFmpeg (libavformat, libswscale, libavcodec, fftools)  \n**Vendor:** FFmpeg Project \u2014 https://ffmpeg.org  \n\n---\n\n## CVE-2026-39210\n\n**Component:** `libavformat/mpegts.c` \u2014 `pmt_cb()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `pmt_cb()` in `libavformat/mpegts.c`. Processing a crafted MPEG-TS file with a malformed Program Map Table can write past the end of a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/5975149603  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21562  \n\n---\n\n## CVE-2026-39211\n\n**Component:** `libswscale/utils.c` \u2014 `initFilter()`  \n**Vulnerability Type:** Integer Overflow  \n**Description:** An integer overflow exists in `initFilter()` in `libswscale/utils.c`. A specially crafted scaling filter configuration can cause an integer overflow that results in an undersized buffer allocation, leading to subsequent out-of-bounds writes and potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/404775a141  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21536  \n\n---\n\n## CVE-2026-39212\n\n**Component:** `fftools/ffmpeg_opt.c` \u2014 `opt_preset()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `opt_preset()` in `fftools/ffmpeg_opt.c`. Processing a crafted preset file or preset name can trigger unbounded stack growth, leading to a stack exhaustion and crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0833dd3665  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21549  \n\n---\n\n## CVE-2026-39213\n\n**Component:** `libavformat/yuv4mpegenc.c` \u2014 `yuv4_write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `yuv4_write_packet()` in `libavformat/yuv4mpegenc.c`. Writing a crafted YUV4MPEG frame with unexpected dimensions or format parameters can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/b740b85872  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21552  \n\n---\n\n## CVE-2026-39214\n\n**Component:** `libavformat/mpegtsenc.c` \u2014 `mpegts_write_sdt()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `mpegts_write_sdt()` in `libavformat/mpegtsenc.c`. Muxing a crafted MPEG-TS stream with a malformed Service Description Table can exhaust stack space, leading to a crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/19c78cd6d9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21561  \n\n---\n\n## CVE-2026-39215\n\n**Component:** `libavcodec/mpegvideo_enc.c` \u2014 `update_mb_info()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `update_mb_info()` in `libavcodec/mpegvideo_enc.c`. Encoding a crafted video stream with particular macroblock parameters can write past the end of a heap-allocated macroblock info buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/8eecba02c7  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21537  \n\n---\n\n## CVE-2026-39216\n\n**Component:** `libavformat/img2enc.c` \u2014 `write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `write_packet()` in `libavformat/img2enc.c`. Muxing image frames with unexpected or malformed metadata can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ca1c1f29ce  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21551  \n\n---\n\n## CVE-2026-39217\n\n**Component:** `libavcodec/vp9.c` \u2014 `vp9_decode_frame()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `vp9_decode_frame()` in `libavcodec/vp9.c`. Decoding a crafted VP9 bitstream can write beyond the bounds of a heap-allocated frame buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/38230db7b9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21550  \n\n---\n\n## CVE-2026-39218\n\n**Component:** `libavformat/dashdec.c` \u2014 `get_current_fragment()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `get_current_fragment()` in `libavformat/dashdec.c`. Parsing a crafted MPEG-DASH manifest with a malformed fragment URL or index can overflow a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a97632827d  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21568  \n\n---\n\n*This document was created as a public reference to satisfy CVE minimum data requirements per MITRE CVE Team request (CMI: MCID15752843).*\n", "creation_timestamp": "2026-05-08T18:19:08.000000Z"}, {"uuid": "2a8defd3-558e-47ab-8397-1baa02f07bc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-3921", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/microsoft-edge-multiple-vulnerabilities_20260316", "content": "", "creation_timestamp": "2026-03-16T01:00:00.000000Z"}, {"uuid": "9816c0c1-ff6d-456b-8fa0-a735daeb1baf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39212", "type": "seen", "source": "https://gist.github.com/cla7aye15I4nd/f9a7700240afe7ae8171ee65682e890f", "content": "# FFmpeg CVE Disclosures \u2014 2026-05-07\n\n**Submitter:** zheng@depthfirst.com  \n**Submission Date:** 2026-05-07T14:03:40  \n**Product:** FFmpeg (libavformat, libswscale, libavcodec, fftools)  \n**Vendor:** FFmpeg Project \u2014 https://ffmpeg.org  \n\n---\n\n## CVE-2026-39210\n\n**Component:** `libavformat/mpegts.c` \u2014 `pmt_cb()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `pmt_cb()` in `libavformat/mpegts.c`. Processing a crafted MPEG-TS file with a malformed Program Map Table can write past the end of a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/5975149603  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21562  \n\n---\n\n## CVE-2026-39211\n\n**Component:** `libswscale/utils.c` \u2014 `initFilter()`  \n**Vulnerability Type:** Integer Overflow  \n**Description:** An integer overflow exists in `initFilter()` in `libswscale/utils.c`. A specially crafted scaling filter configuration can cause an integer overflow that results in an undersized buffer allocation, leading to subsequent out-of-bounds writes and potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/404775a141  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21536  \n\n---\n\n## CVE-2026-39212\n\n**Component:** `fftools/ffmpeg_opt.c` \u2014 `opt_preset()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `opt_preset()` in `fftools/ffmpeg_opt.c`. Processing a crafted preset file or preset name can trigger unbounded stack growth, leading to a stack exhaustion and crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0833dd3665  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21549  \n\n---\n\n## CVE-2026-39213\n\n**Component:** `libavformat/yuv4mpegenc.c` \u2014 `yuv4_write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `yuv4_write_packet()` in `libavformat/yuv4mpegenc.c`. Writing a crafted YUV4MPEG frame with unexpected dimensions or format parameters can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/b740b85872  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21552  \n\n---\n\n## CVE-2026-39214\n\n**Component:** `libavformat/mpegtsenc.c` \u2014 `mpegts_write_sdt()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `mpegts_write_sdt()` in `libavformat/mpegtsenc.c`. Muxing a crafted MPEG-TS stream with a malformed Service Description Table can exhaust stack space, leading to a crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/19c78cd6d9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21561  \n\n---\n\n## CVE-2026-39215\n\n**Component:** `libavcodec/mpegvideo_enc.c` \u2014 `update_mb_info()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `update_mb_info()` in `libavcodec/mpegvideo_enc.c`. Encoding a crafted video stream with particular macroblock parameters can write past the end of a heap-allocated macroblock info buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/8eecba02c7  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21537  \n\n---\n\n## CVE-2026-39216\n\n**Component:** `libavformat/img2enc.c` \u2014 `write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `write_packet()` in `libavformat/img2enc.c`. Muxing image frames with unexpected or malformed metadata can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ca1c1f29ce  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21551  \n\n---\n\n## CVE-2026-39217\n\n**Component:** `libavcodec/vp9.c` \u2014 `vp9_decode_frame()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `vp9_decode_frame()` in `libavcodec/vp9.c`. Decoding a crafted VP9 bitstream can write beyond the bounds of a heap-allocated frame buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/38230db7b9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21550  \n\n---\n\n## CVE-2026-39218\n\n**Component:** `libavformat/dashdec.c` \u2014 `get_current_fragment()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `get_current_fragment()` in `libavformat/dashdec.c`. Parsing a crafted MPEG-DASH manifest with a malformed fragment URL or index can overflow a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a97632827d  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21568  \n\n---\n\n*This document was created as a public reference to satisfy CVE minimum data requirements per MITRE CVE Team request (CMI: MCID15752843).*\n", "creation_timestamp": "2026-05-08T18:19:08.000000Z"}, {"uuid": "ccff5089-d0ed-4388-9429-3dff159fb520", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39214", "type": "seen", "source": "https://gist.github.com/cla7aye15I4nd/f9a7700240afe7ae8171ee65682e890f", "content": "# FFmpeg CVE Disclosures \u2014 2026-05-07\n\n**Submitter:** zheng@depthfirst.com  \n**Submission Date:** 2026-05-07T14:03:40  \n**Product:** FFmpeg (libavformat, libswscale, libavcodec, fftools)  \n**Vendor:** FFmpeg Project \u2014 https://ffmpeg.org  \n\n---\n\n## CVE-2026-39210\n\n**Component:** `libavformat/mpegts.c` \u2014 `pmt_cb()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `pmt_cb()` in `libavformat/mpegts.c`. Processing a crafted MPEG-TS file with a malformed Program Map Table can write past the end of a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/5975149603  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21562  \n\n---\n\n## CVE-2026-39211\n\n**Component:** `libswscale/utils.c` \u2014 `initFilter()`  \n**Vulnerability Type:** Integer Overflow  \n**Description:** An integer overflow exists in `initFilter()` in `libswscale/utils.c`. A specially crafted scaling filter configuration can cause an integer overflow that results in an undersized buffer allocation, leading to subsequent out-of-bounds writes and potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/404775a141  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21536  \n\n---\n\n## CVE-2026-39212\n\n**Component:** `fftools/ffmpeg_opt.c` \u2014 `opt_preset()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `opt_preset()` in `fftools/ffmpeg_opt.c`. Processing a crafted preset file or preset name can trigger unbounded stack growth, leading to a stack exhaustion and crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0833dd3665  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21549  \n\n---\n\n## CVE-2026-39213\n\n**Component:** `libavformat/yuv4mpegenc.c` \u2014 `yuv4_write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `yuv4_write_packet()` in `libavformat/yuv4mpegenc.c`. Writing a crafted YUV4MPEG frame with unexpected dimensions or format parameters can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/b740b85872  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21552  \n\n---\n\n## CVE-2026-39214\n\n**Component:** `libavformat/mpegtsenc.c` \u2014 `mpegts_write_sdt()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `mpegts_write_sdt()` in `libavformat/mpegtsenc.c`. Muxing a crafted MPEG-TS stream with a malformed Service Description Table can exhaust stack space, leading to a crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/19c78cd6d9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21561  \n\n---\n\n## CVE-2026-39215\n\n**Component:** `libavcodec/mpegvideo_enc.c` \u2014 `update_mb_info()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `update_mb_info()` in `libavcodec/mpegvideo_enc.c`. Encoding a crafted video stream with particular macroblock parameters can write past the end of a heap-allocated macroblock info buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/8eecba02c7  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21537  \n\n---\n\n## CVE-2026-39216\n\n**Component:** `libavformat/img2enc.c` \u2014 `write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `write_packet()` in `libavformat/img2enc.c`. Muxing image frames with unexpected or malformed metadata can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ca1c1f29ce  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21551  \n\n---\n\n## CVE-2026-39217\n\n**Component:** `libavcodec/vp9.c` \u2014 `vp9_decode_frame()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `vp9_decode_frame()` in `libavcodec/vp9.c`. Decoding a crafted VP9 bitstream can write beyond the bounds of a heap-allocated frame buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/38230db7b9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21550  \n\n---\n\n## CVE-2026-39218\n\n**Component:** `libavformat/dashdec.c` \u2014 `get_current_fragment()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `get_current_fragment()` in `libavformat/dashdec.c`. Parsing a crafted MPEG-DASH manifest with a malformed fragment URL or index can overflow a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a97632827d  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21568  \n\n---\n\n*This document was created as a public reference to satisfy CVE minimum data requirements per MITRE CVE Team request (CMI: MCID15752843).*\n", "creation_timestamp": "2026-05-08T18:19:08.000000Z"}, {"uuid": "f52d1dc7-ef26-4636-89b8-7712ba26af7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39216", "type": "seen", "source": "https://gist.github.com/cla7aye15I4nd/f9a7700240afe7ae8171ee65682e890f", "content": "# FFmpeg CVE Disclosures \u2014 2026-05-07\n\n**Submitter:** zheng@depthfirst.com  \n**Submission Date:** 2026-05-07T14:03:40  \n**Product:** FFmpeg (libavformat, libswscale, libavcodec, fftools)  \n**Vendor:** FFmpeg Project \u2014 https://ffmpeg.org  \n\n---\n\n## CVE-2026-39210\n\n**Component:** `libavformat/mpegts.c` \u2014 `pmt_cb()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `pmt_cb()` in `libavformat/mpegts.c`. Processing a crafted MPEG-TS file with a malformed Program Map Table can write past the end of a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/5975149603  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21562  \n\n---\n\n## CVE-2026-39211\n\n**Component:** `libswscale/utils.c` \u2014 `initFilter()`  \n**Vulnerability Type:** Integer Overflow  \n**Description:** An integer overflow exists in `initFilter()` in `libswscale/utils.c`. A specially crafted scaling filter configuration can cause an integer overflow that results in an undersized buffer allocation, leading to subsequent out-of-bounds writes and potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/404775a141  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21536  \n\n---\n\n## CVE-2026-39212\n\n**Component:** `fftools/ffmpeg_opt.c` \u2014 `opt_preset()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `opt_preset()` in `fftools/ffmpeg_opt.c`. Processing a crafted preset file or preset name can trigger unbounded stack growth, leading to a stack exhaustion and crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0833dd3665  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21549  \n\n---\n\n## CVE-2026-39213\n\n**Component:** `libavformat/yuv4mpegenc.c` \u2014 `yuv4_write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `yuv4_write_packet()` in `libavformat/yuv4mpegenc.c`. Writing a crafted YUV4MPEG frame with unexpected dimensions or format parameters can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/b740b85872  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21552  \n\n---\n\n## CVE-2026-39214\n\n**Component:** `libavformat/mpegtsenc.c` \u2014 `mpegts_write_sdt()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `mpegts_write_sdt()` in `libavformat/mpegtsenc.c`. Muxing a crafted MPEG-TS stream with a malformed Service Description Table can exhaust stack space, leading to a crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/19c78cd6d9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21561  \n\n---\n\n## CVE-2026-39215\n\n**Component:** `libavcodec/mpegvideo_enc.c` \u2014 `update_mb_info()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `update_mb_info()` in `libavcodec/mpegvideo_enc.c`. Encoding a crafted video stream with particular macroblock parameters can write past the end of a heap-allocated macroblock info buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/8eecba02c7  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21537  \n\n---\n\n## CVE-2026-39216\n\n**Component:** `libavformat/img2enc.c` \u2014 `write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `write_packet()` in `libavformat/img2enc.c`. Muxing image frames with unexpected or malformed metadata can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ca1c1f29ce  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21551  \n\n---\n\n## CVE-2026-39217\n\n**Component:** `libavcodec/vp9.c` \u2014 `vp9_decode_frame()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `vp9_decode_frame()` in `libavcodec/vp9.c`. Decoding a crafted VP9 bitstream can write beyond the bounds of a heap-allocated frame buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/38230db7b9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21550  \n\n---\n\n## CVE-2026-39218\n\n**Component:** `libavformat/dashdec.c` \u2014 `get_current_fragment()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `get_current_fragment()` in `libavformat/dashdec.c`. Parsing a crafted MPEG-DASH manifest with a malformed fragment URL or index can overflow a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a97632827d  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21568  \n\n---\n\n*This document was created as a public reference to satisfy CVE minimum data requirements per MITRE CVE Team request (CMI: MCID15752843).*\n", "creation_timestamp": "2026-05-08T18:19:08.000000Z"}, {"uuid": "e65b4ae1-4968-4a10-b0d0-df88e9f3410c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39215", "type": "seen", "source": "https://gist.github.com/cla7aye15I4nd/f9a7700240afe7ae8171ee65682e890f", "content": "# FFmpeg CVE Disclosures \u2014 2026-05-07\n\n**Submitter:** zheng@depthfirst.com  \n**Submission Date:** 2026-05-07T14:03:40  \n**Product:** FFmpeg (libavformat, libswscale, libavcodec, fftools)  \n**Vendor:** FFmpeg Project \u2014 https://ffmpeg.org  \n\n---\n\n## CVE-2026-39210\n\n**Component:** `libavformat/mpegts.c` \u2014 `pmt_cb()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `pmt_cb()` in `libavformat/mpegts.c`. Processing a crafted MPEG-TS file with a malformed Program Map Table can write past the end of a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/5975149603  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21562  \n\n---\n\n## CVE-2026-39211\n\n**Component:** `libswscale/utils.c` \u2014 `initFilter()`  \n**Vulnerability Type:** Integer Overflow  \n**Description:** An integer overflow exists in `initFilter()` in `libswscale/utils.c`. A specially crafted scaling filter configuration can cause an integer overflow that results in an undersized buffer allocation, leading to subsequent out-of-bounds writes and potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/404775a141  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21536  \n\n---\n\n## CVE-2026-39212\n\n**Component:** `fftools/ffmpeg_opt.c` \u2014 `opt_preset()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `opt_preset()` in `fftools/ffmpeg_opt.c`. Processing a crafted preset file or preset name can trigger unbounded stack growth, leading to a stack exhaustion and crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0833dd3665  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21549  \n\n---\n\n## CVE-2026-39213\n\n**Component:** `libavformat/yuv4mpegenc.c` \u2014 `yuv4_write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `yuv4_write_packet()` in `libavformat/yuv4mpegenc.c`. Writing a crafted YUV4MPEG frame with unexpected dimensions or format parameters can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/b740b85872  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21552  \n\n---\n\n## CVE-2026-39214\n\n**Component:** `libavformat/mpegtsenc.c` \u2014 `mpegts_write_sdt()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `mpegts_write_sdt()` in `libavformat/mpegtsenc.c`. Muxing a crafted MPEG-TS stream with a malformed Service Description Table can exhaust stack space, leading to a crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/19c78cd6d9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21561  \n\n---\n\n## CVE-2026-39215\n\n**Component:** `libavcodec/mpegvideo_enc.c` \u2014 `update_mb_info()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `update_mb_info()` in `libavcodec/mpegvideo_enc.c`. Encoding a crafted video stream with particular macroblock parameters can write past the end of a heap-allocated macroblock info buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/8eecba02c7  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21537  \n\n---\n\n## CVE-2026-39216\n\n**Component:** `libavformat/img2enc.c` \u2014 `write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `write_packet()` in `libavformat/img2enc.c`. Muxing image frames with unexpected or malformed metadata can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ca1c1f29ce  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21551  \n\n---\n\n## CVE-2026-39217\n\n**Component:** `libavcodec/vp9.c` \u2014 `vp9_decode_frame()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `vp9_decode_frame()` in `libavcodec/vp9.c`. Decoding a crafted VP9 bitstream can write beyond the bounds of a heap-allocated frame buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/38230db7b9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21550  \n\n---\n\n## CVE-2026-39218\n\n**Component:** `libavformat/dashdec.c` \u2014 `get_current_fragment()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `get_current_fragment()` in `libavformat/dashdec.c`. Parsing a crafted MPEG-DASH manifest with a malformed fragment URL or index can overflow a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a97632827d  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21568  \n\n---\n\n*This document was created as a public reference to satisfy CVE minimum data requirements per MITRE CVE Team request (CMI: MCID15752843).*\n", "creation_timestamp": "2026-05-08T18:19:08.000000Z"}, {"uuid": "b22077f5-fea9-4a21-8ad1-76891b19bdf1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39210", "type": "seen", "source": "https://gist.github.com/cla7aye15I4nd/f9a7700240afe7ae8171ee65682e890f", "content": "# FFmpeg CVE Disclosures \u2014 2026-05-07\n\n**Submitter:** zheng@depthfirst.com  \n**Submission Date:** 2026-05-07T14:03:40  \n**Product:** FFmpeg (libavformat, libswscale, libavcodec, fftools)  \n**Vendor:** FFmpeg Project \u2014 https://ffmpeg.org  \n\n---\n\n## CVE-2026-39210\n\n**Component:** `libavformat/mpegts.c` \u2014 `pmt_cb()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `pmt_cb()` in `libavformat/mpegts.c`. Processing a crafted MPEG-TS file with a malformed Program Map Table can write past the end of a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/5975149603  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21562  \n\n---\n\n## CVE-2026-39211\n\n**Component:** `libswscale/utils.c` \u2014 `initFilter()`  \n**Vulnerability Type:** Integer Overflow  \n**Description:** An integer overflow exists in `initFilter()` in `libswscale/utils.c`. A specially crafted scaling filter configuration can cause an integer overflow that results in an undersized buffer allocation, leading to subsequent out-of-bounds writes and potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/404775a141  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21536  \n\n---\n\n## CVE-2026-39212\n\n**Component:** `fftools/ffmpeg_opt.c` \u2014 `opt_preset()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `opt_preset()` in `fftools/ffmpeg_opt.c`. Processing a crafted preset file or preset name can trigger unbounded stack growth, leading to a stack exhaustion and crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0833dd3665  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21549  \n\n---\n\n## CVE-2026-39213\n\n**Component:** `libavformat/yuv4mpegenc.c` \u2014 `yuv4_write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `yuv4_write_packet()` in `libavformat/yuv4mpegenc.c`. Writing a crafted YUV4MPEG frame with unexpected dimensions or format parameters can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/b740b85872  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21552  \n\n---\n\n## CVE-2026-39214\n\n**Component:** `libavformat/mpegtsenc.c` \u2014 `mpegts_write_sdt()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `mpegts_write_sdt()` in `libavformat/mpegtsenc.c`. Muxing a crafted MPEG-TS stream with a malformed Service Description Table can exhaust stack space, leading to a crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/19c78cd6d9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21561  \n\n---\n\n## CVE-2026-39215\n\n**Component:** `libavcodec/mpegvideo_enc.c` \u2014 `update_mb_info()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `update_mb_info()` in `libavcodec/mpegvideo_enc.c`. Encoding a crafted video stream with particular macroblock parameters can write past the end of a heap-allocated macroblock info buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/8eecba02c7  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21537  \n\n---\n\n## CVE-2026-39216\n\n**Component:** `libavformat/img2enc.c` \u2014 `write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `write_packet()` in `libavformat/img2enc.c`. Muxing image frames with unexpected or malformed metadata can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ca1c1f29ce  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21551  \n\n---\n\n## CVE-2026-39217\n\n**Component:** `libavcodec/vp9.c` \u2014 `vp9_decode_frame()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `vp9_decode_frame()` in `libavcodec/vp9.c`. Decoding a crafted VP9 bitstream can write beyond the bounds of a heap-allocated frame buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/38230db7b9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21550  \n\n---\n\n## CVE-2026-39218\n\n**Component:** `libavformat/dashdec.c` \u2014 `get_current_fragment()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `get_current_fragment()` in `libavformat/dashdec.c`. Parsing a crafted MPEG-DASH manifest with a malformed fragment URL or index can overflow a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a97632827d  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21568  \n\n---\n\n*This document was created as a public reference to satisfy CVE minimum data requirements per MITRE CVE Team request (CMI: MCID15752843).*\n", "creation_timestamp": "2026-05-08T18:19:08.000000Z"}, {"uuid": "c2e21e35-06cd-4b53-8627-2a8dde39237f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39211", "type": "seen", "source": "https://gist.github.com/cla7aye15I4nd/f9a7700240afe7ae8171ee65682e890f", "content": "# FFmpeg CVE Disclosures \u2014 2026-05-07\n\n**Submitter:** zheng@depthfirst.com  \n**Submission Date:** 2026-05-07T14:03:40  \n**Product:** FFmpeg (libavformat, libswscale, libavcodec, fftools)  \n**Vendor:** FFmpeg Project \u2014 https://ffmpeg.org  \n\n---\n\n## CVE-2026-39210\n\n**Component:** `libavformat/mpegts.c` \u2014 `pmt_cb()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `pmt_cb()` in `libavformat/mpegts.c`. Processing a crafted MPEG-TS file with a malformed Program Map Table can write past the end of a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/5975149603  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21562  \n\n---\n\n## CVE-2026-39211\n\n**Component:** `libswscale/utils.c` \u2014 `initFilter()`  \n**Vulnerability Type:** Integer Overflow  \n**Description:** An integer overflow exists in `initFilter()` in `libswscale/utils.c`. A specially crafted scaling filter configuration can cause an integer overflow that results in an undersized buffer allocation, leading to subsequent out-of-bounds writes and potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/404775a141  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21536  \n\n---\n\n## CVE-2026-39212\n\n**Component:** `fftools/ffmpeg_opt.c` \u2014 `opt_preset()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `opt_preset()` in `fftools/ffmpeg_opt.c`. Processing a crafted preset file or preset name can trigger unbounded stack growth, leading to a stack exhaustion and crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0833dd3665  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21549  \n\n---\n\n## CVE-2026-39213\n\n**Component:** `libavformat/yuv4mpegenc.c` \u2014 `yuv4_write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `yuv4_write_packet()` in `libavformat/yuv4mpegenc.c`. Writing a crafted YUV4MPEG frame with unexpected dimensions or format parameters can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/b740b85872  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21552  \n\n---\n\n## CVE-2026-39214\n\n**Component:** `libavformat/mpegtsenc.c` \u2014 `mpegts_write_sdt()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `mpegts_write_sdt()` in `libavformat/mpegtsenc.c`. Muxing a crafted MPEG-TS stream with a malformed Service Description Table can exhaust stack space, leading to a crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/19c78cd6d9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21561  \n\n---\n\n## CVE-2026-39215\n\n**Component:** `libavcodec/mpegvideo_enc.c` \u2014 `update_mb_info()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `update_mb_info()` in `libavcodec/mpegvideo_enc.c`. Encoding a crafted video stream with particular macroblock parameters can write past the end of a heap-allocated macroblock info buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/8eecba02c7  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21537  \n\n---\n\n## CVE-2026-39216\n\n**Component:** `libavformat/img2enc.c` \u2014 `write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `write_packet()` in `libavformat/img2enc.c`. Muxing image frames with unexpected or malformed metadata can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ca1c1f29ce  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21551  \n\n---\n\n## CVE-2026-39217\n\n**Component:** `libavcodec/vp9.c` \u2014 `vp9_decode_frame()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `vp9_decode_frame()` in `libavcodec/vp9.c`. Decoding a crafted VP9 bitstream can write beyond the bounds of a heap-allocated frame buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/38230db7b9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21550  \n\n---\n\n## CVE-2026-39218\n\n**Component:** `libavformat/dashdec.c` \u2014 `get_current_fragment()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `get_current_fragment()` in `libavformat/dashdec.c`. Parsing a crafted MPEG-DASH manifest with a malformed fragment URL or index can overflow a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a97632827d  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21568  \n\n---\n\n*This document was created as a public reference to satisfy CVE minimum data requirements per MITRE CVE Team request (CMI: MCID15752843).*\n", "creation_timestamp": "2026-05-08T18:19:08.000000Z"}, {"uuid": "92db4a2f-d2d7-42bc-bdb3-b33ab6fb0ddd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39217", "type": "seen", "source": "https://gist.github.com/cla7aye15I4nd/f9a7700240afe7ae8171ee65682e890f", "content": "# FFmpeg CVE Disclosures \u2014 2026-05-07\n\n**Submitter:** zheng@depthfirst.com  \n**Submission Date:** 2026-05-07T14:03:40  \n**Product:** FFmpeg (libavformat, libswscale, libavcodec, fftools)  \n**Vendor:** FFmpeg Project \u2014 https://ffmpeg.org  \n\n---\n\n## CVE-2026-39210\n\n**Component:** `libavformat/mpegts.c` \u2014 `pmt_cb()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `pmt_cb()` in `libavformat/mpegts.c`. Processing a crafted MPEG-TS file with a malformed Program Map Table can write past the end of a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/5975149603  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21562  \n\n---\n\n## CVE-2026-39211\n\n**Component:** `libswscale/utils.c` \u2014 `initFilter()`  \n**Vulnerability Type:** Integer Overflow  \n**Description:** An integer overflow exists in `initFilter()` in `libswscale/utils.c`. A specially crafted scaling filter configuration can cause an integer overflow that results in an undersized buffer allocation, leading to subsequent out-of-bounds writes and potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/404775a141  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21536  \n\n---\n\n## CVE-2026-39212\n\n**Component:** `fftools/ffmpeg_opt.c` \u2014 `opt_preset()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `opt_preset()` in `fftools/ffmpeg_opt.c`. Processing a crafted preset file or preset name can trigger unbounded stack growth, leading to a stack exhaustion and crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0833dd3665  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21549  \n\n---\n\n## CVE-2026-39213\n\n**Component:** `libavformat/yuv4mpegenc.c` \u2014 `yuv4_write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `yuv4_write_packet()` in `libavformat/yuv4mpegenc.c`. Writing a crafted YUV4MPEG frame with unexpected dimensions or format parameters can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/b740b85872  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21552  \n\n---\n\n## CVE-2026-39214\n\n**Component:** `libavformat/mpegtsenc.c` \u2014 `mpegts_write_sdt()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `mpegts_write_sdt()` in `libavformat/mpegtsenc.c`. Muxing a crafted MPEG-TS stream with a malformed Service Description Table can exhaust stack space, leading to a crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/19c78cd6d9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21561  \n\n---\n\n## CVE-2026-39215\n\n**Component:** `libavcodec/mpegvideo_enc.c` \u2014 `update_mb_info()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `update_mb_info()` in `libavcodec/mpegvideo_enc.c`. Encoding a crafted video stream with particular macroblock parameters can write past the end of a heap-allocated macroblock info buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/8eecba02c7  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21537  \n\n---\n\n## CVE-2026-39216\n\n**Component:** `libavformat/img2enc.c` \u2014 `write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `write_packet()` in `libavformat/img2enc.c`. Muxing image frames with unexpected or malformed metadata can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ca1c1f29ce  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21551  \n\n---\n\n## CVE-2026-39217\n\n**Component:** `libavcodec/vp9.c` \u2014 `vp9_decode_frame()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `vp9_decode_frame()` in `libavcodec/vp9.c`. Decoding a crafted VP9 bitstream can write beyond the bounds of a heap-allocated frame buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/38230db7b9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21550  \n\n---\n\n## CVE-2026-39218\n\n**Component:** `libavformat/dashdec.c` \u2014 `get_current_fragment()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `get_current_fragment()` in `libavformat/dashdec.c`. Parsing a crafted MPEG-DASH manifest with a malformed fragment URL or index can overflow a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a97632827d  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21568  \n\n---\n\n*This document was created as a public reference to satisfy CVE minimum data requirements per MITRE CVE Team request (CMI: MCID15752843).*\n", "creation_timestamp": "2026-05-08T18:19:08.000000Z"}, {"uuid": "6f379224-a8ea-4907-9ddb-97d36b9a0181", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-39213", "type": "seen", "source": "https://gist.github.com/cla7aye15I4nd/f9a7700240afe7ae8171ee65682e890f", "content": "# FFmpeg CVE Disclosures \u2014 2026-05-07\n\n**Submitter:** zheng@depthfirst.com  \n**Submission Date:** 2026-05-07T14:03:40  \n**Product:** FFmpeg (libavformat, libswscale, libavcodec, fftools)  \n**Vendor:** FFmpeg Project \u2014 https://ffmpeg.org  \n\n---\n\n## CVE-2026-39210\n\n**Component:** `libavformat/mpegts.c` \u2014 `pmt_cb()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `pmt_cb()` in `libavformat/mpegts.c`. Processing a crafted MPEG-TS file with a malformed Program Map Table can write past the end of a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/5975149603  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21562  \n\n---\n\n## CVE-2026-39211\n\n**Component:** `libswscale/utils.c` \u2014 `initFilter()`  \n**Vulnerability Type:** Integer Overflow  \n**Description:** An integer overflow exists in `initFilter()` in `libswscale/utils.c`. A specially crafted scaling filter configuration can cause an integer overflow that results in an undersized buffer allocation, leading to subsequent out-of-bounds writes and potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/404775a141  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21536  \n\n---\n\n## CVE-2026-39212\n\n**Component:** `fftools/ffmpeg_opt.c` \u2014 `opt_preset()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `opt_preset()` in `fftools/ffmpeg_opt.c`. Processing a crafted preset file or preset name can trigger unbounded stack growth, leading to a stack exhaustion and crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0833dd3665  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21549  \n\n---\n\n## CVE-2026-39213\n\n**Component:** `libavformat/yuv4mpegenc.c` \u2014 `yuv4_write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `yuv4_write_packet()` in `libavformat/yuv4mpegenc.c`. Writing a crafted YUV4MPEG frame with unexpected dimensions or format parameters can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/b740b85872  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21552  \n\n---\n\n## CVE-2026-39214\n\n**Component:** `libavformat/mpegtsenc.c` \u2014 `mpegts_write_sdt()`  \n**Vulnerability Type:** Stack Overflow  \n**Description:** A stack overflow exists in `mpegts_write_sdt()` in `libavformat/mpegtsenc.c`. Muxing a crafted MPEG-TS stream with a malformed Service Description Table can exhaust stack space, leading to a crash or potential code execution.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/19c78cd6d9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21561  \n\n---\n\n## CVE-2026-39215\n\n**Component:** `libavcodec/mpegvideo_enc.c` \u2014 `update_mb_info()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `update_mb_info()` in `libavcodec/mpegvideo_enc.c`. Encoding a crafted video stream with particular macroblock parameters can write past the end of a heap-allocated macroblock info buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/8eecba02c7  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21537  \n\n---\n\n## CVE-2026-39216\n\n**Component:** `libavformat/img2enc.c` \u2014 `write_packet()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `write_packet()` in `libavformat/img2enc.c`. Muxing image frames with unexpected or malformed metadata can overflow a heap buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ca1c1f29ce  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21551  \n\n---\n\n## CVE-2026-39217\n\n**Component:** `libavcodec/vp9.c` \u2014 `vp9_decode_frame()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `vp9_decode_frame()` in `libavcodec/vp9.c`. Decoding a crafted VP9 bitstream can write beyond the bounds of a heap-allocated frame buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/38230db7b9  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21550  \n\n---\n\n## CVE-2026-39218\n\n**Component:** `libavformat/dashdec.c` \u2014 `get_current_fragment()`  \n**Vulnerability Type:** Heap Buffer Overflow  \n**Description:** A heap buffer overflow exists in `get_current_fragment()` in `libavformat/dashdec.c`. Parsing a crafted MPEG-DASH manifest with a malformed fragment URL or index can overflow a heap-allocated buffer, potentially leading to arbitrary code execution or denial of service.  \n**Fix Commit:** https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a97632827d  \n**Pull Request:** https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21568  \n\n---\n\n*This document was created as a public reference to satisfy CVE minimum data requirements per MITRE CVE Team request (CMI: MCID15752843).*\n", "creation_timestamp": "2026-05-08T18:19:08.000000Z"}]}