CVE-2026-30999

HIGH

FFmpeg < 8.0.1 - Heap-based Buffer Overflow in av_bprint_finalize()

Title source: llm

A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Core 4

Core References

CVSS v3 7.5

EPSS 0.0045

EPSS Percentile 35.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

CWE

CWE-122

Status published

Products (1)

ffmpeg/ffmpeg < 8.0.1

Published Apr 13, 2026

Tracked Since Apr 13, 2026