CVE-2026-40962

· NIST NVD ↗

FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c.

MEDIUM
CVSS severity
4.9
CVSS base score
2026-04-16
Published

CWE codes

CWE-190

Affected products

ffmpeg:ffmpeg

Sources