FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash.
Security Fix(es):
A use-after-free vulnerability was found in FFmpeg's RASC video decoder. The decode_move() function initializes a read pointer into a decompressed buffer, but a subsequent reallocation of that same buffer during move-table processing leaves the pointer dangling. An attacker could exploit this by providing a specially crafted AVI file containing a malicious RASC video stream. When a user opens or plays the file, the decoder reads from freed heap memory, which could lead to a denial of service (crash).(CVE-2026-12706)
{
"severity": "Medium"
}{
"x86_64": [
"ffmpeg-6.1.1-33.oe2403sp3.x86_64.rpm",
"ffmpeg-debuginfo-6.1.1-33.oe2403sp3.x86_64.rpm",
"ffmpeg-debugsource-6.1.1-33.oe2403sp3.x86_64.rpm",
"ffmpeg-devel-6.1.1-33.oe2403sp3.x86_64.rpm",
"ffmpeg-libs-6.1.1-33.oe2403sp3.x86_64.rpm",
"libavdevice-6.1.1-33.oe2403sp3.x86_64.rpm"
],
"aarch64": [
"ffmpeg-6.1.1-33.oe2403sp3.aarch64.rpm",
"ffmpeg-debuginfo-6.1.1-33.oe2403sp3.aarch64.rpm",
"ffmpeg-debugsource-6.1.1-33.oe2403sp3.aarch64.rpm",
"ffmpeg-devel-6.1.1-33.oe2403sp3.aarch64.rpm",
"ffmpeg-libs-6.1.1-33.oe2403sp3.aarch64.rpm",
"libavdevice-6.1.1-33.oe2403sp3.aarch64.rpm"
],
"src": [
"ffmpeg-6.1.1-33.oe2403sp3.src.rpm"
]
}