Mageia 9 ffmpeg Critical Denial of Service Vuln MGASA-2026-0153
mageia
May 26, 2026
MGASA-2026-0153 - Updated ffmpeg packages fix security vulnerabilities
Summary
Description:
An out-of-bounds read in the read_global_param() function
(libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a
Denial of Service (DoS) via a crafted input. (CVE-2026-30997)
FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds
write via CENC (Common Encryption) subsample data to libavformat/mov.c.
(CVE-2026-40962)
References
- https://bugs.mageia.org/show_bug.cgi?id=35546
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/4TOCC22G6AHEU62PA7DQARAPJYTW6XSE/
- https://excellent-oatmeal-319.notion.site/CVE-2026-30997-Out-of-Bounds-Access-a7929817b9794568b2f7774397c7d65f
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-30997
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40962
Topics Covered
Resolution
SRPMS
- 9/core/ffmpeg-5.1.9-1.mga9
- 9/tainted/ffmpeg-5.1.9-1.mga9.tainted
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 26 May 2026
URL: https://advisories.mageia.org/MGASA-2026-0153.html
Type: security
CVE: CVE-2026-30997, CVE-2026-40962
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!