MGASA-2026-0153

See a problem?
Please try reporting it to the source first.
Source
https://advisories.mageia.org/MGASA-2026-0153.html
Import Source
https://advisories.mageia.org/MGASA-2026-0153.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2026-0153
Upstream
  • CVE-2026-30997
  • CVE-2026-40962
Published
2026-05-26T01:55:28Z
Modified
2026-05-26T02:00:04.314791603Z
Summary
Updated ffmpeg packages fix security vulnerabilities
Details

An out-of-bounds read in the readglobalparam() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. (CVE-2026-30997) FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c. (CVE-2026-40962)

References
Credits

Affected packages

Mageia:9 / ffmpeg

Package

Name
ffmpeg
Purl
pkg:rpm/mageia/ffmpeg?arch=source&distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.1.9-1.mga9

Ecosystem specific 

{
    "section": "core"
}

Database specific

source 
"https://advisories.mageia.org/MGASA-2026-0153.json"

Mageia:9 / ffmpeg

Package

Name
ffmpeg
Purl
pkg:rpm/mageia/ffmpeg?arch=source&distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.1.9-1.mga9.tainted

Ecosystem specific 

{
    "section": "tainted"
}

Database specific

source 
"https://advisories.mageia.org/MGASA-2026-0153.json"