{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30999", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-13T19:11:38.554Z", "dateReserved": "2026-03-09T00:00:00.000Z", "datePublished": "2026-04-13T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-13T14:21:21.878Z"}, "descriptions": [{"lang": "en", "value": "A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/FFmpeg/FFmpeg/blob/master/tools/zmqsend.c"}, {"url": "https://ffmpeg.org/doxygen/7.0/zmqsend_8c_source.html"}, {"url": "https://www.ffmpeg.org/download.html"}, {"url": "https://excellent-oatmeal-319.notion.site/CVE-2026-30999-Memory-Leak-e0d88ac53e2e42c1b5ef9aa3497e27b6"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-122", "lang": "en", "description": "CWE-122 Heap-based Buffer Overflow"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T19:11:14.984231Z", "id": "CVE-2026-30999", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T19:11:38.554Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-30999", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-13T19:11:14.984231Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T19:11:34.357Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/FFmpeg/FFmpeg/blob/master/tools/zmqsend.c"}, {"url": "https://ffmpeg.org/doxygen/7.0/zmqsend_8c_source.html"}, {"url": "https://www.ffmpeg.org/download.html"}, {"url": "https://excellent-oatmeal-319.notion.site/CVE-2026-30999-Memory-Leak-e0d88ac53e2e42c1b5ef9aa3497e27b6"}], "descriptions": [{"lang": "en", "value": "A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-13T14:21:21.878Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30999", "state": "PUBLISHED", "dateUpdated": "2026-04-13T19:11:38.554Z", "dateReserved": "2026-03-09T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-13T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC0744C3-5732-466C-B936-078E938A66B6", "versionEndIncluding": "8.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input."}], "id": "CVE-2026-30999", "lastModified": "2026-04-23T20:10:36.647", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-13T15:17:32.827", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://excellent-oatmeal-319.notion.site/CVE-2026-30999-Memory-Leak-e0d88ac53e2e42c1b5ef9aa3497e27b6"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://ffmpeg.org/doxygen/7.0/zmqsend_8c_source.html"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://github.com/FFmpeg/FFmpeg/blob/master/tools/zmqsend.c"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.ffmpeg.org/download.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "FFmpeg: FFmpeg: Denial of Service via heap buffer overflow in av_bprint_finalize()", "id": "2457860", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457860"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-787", "details": ["A flaw was found in FFmpeg. A remote attacker could exploit a heap buffer overflow vulnerability in the `av_bprint_finalize()` function by providing a specially crafted input. This could lead to a Denial of Service (DoS), making the affected system or application unavailable to legitimate users."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-30999", "package_state": [{"cpe": "cpe:/a:redhat:lightspeed_core", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/rag-tool", "product_name": "Lightspeed Core"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Fix deferred", "package_name": "ffmpeg", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/bootc-cuda-3-3", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/bootc-cuda-aws-3-3", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/bootc-cuda-azure-3-3", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/bootc-cuda-gcp-3-3", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/bootc-rocm-3-3", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/bootc-rocm-azure-3-3", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-vllm-gaudi-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}], "public_date": "2026-04-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-30999\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-30999\nhttps://excellent-oatmeal-319.notion.site/CVE-2026-30999-Memory-Leak-e0d88ac53e2e42c1b5ef9aa3497e27b6\nhttps://ffmpeg.org/doxygen/7.0/zmqsend_8c_source.html\nhttps://github.com/FFmpeg/FFmpeg/blob/master/tools/zmqsend.c\nhttps://www.ffmpeg.org/download.html"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,8.0.1]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "ffmpeg", "vendor": "ffmpeg"}], "analysis": {"en": {"generated_at": "2026-04-14T01:29:02.484814+00:00", "value": {"mitigation_remediation": ["Upgrade FFmpeg to the latest stable release that resolves the heap buffer overflow in av_bprint_finalize().", "If immediate upgrade is not possible, verify that the FFmpeg binary comes from a trusted source and includes integrity verification, such as checksums or signatures.", "Restrict the use of FFmpeg to trusted media sources, and validate or sanitize all input before passing it to the binary.", "Monitor application logs for abnormal crashes or segmentation faults that may indicate exploitation attempts."], "summary": {"action": "Patch Now", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "This vulnerability affects the FFmpeg open\u2011source multimedia framework, specifically version 8.0.1. The affected component is the av_bprint_finalize() function used during packet processing. All deployments using FFmpeg 8.0.1 or earlier unreleased builds that include the same code path are at risk. No other vendors or products are listed, but any system that executes FFmpeg to process media input should assess if version 8.0.1 is in use.", "description_and_impact": "The vulnerability is a heap buffer overflow in av_bprint_finalize() within FFmpeg 8.0.1, caused by improperly handled input that leads to memory corruption. An attacker can supply a crafted media or command string to trigger the overflow, resulting in an application crash and denial of service. The flaw is a classic buffer overflow (CWE-122, CWE-787), allowing loss of application availability but not immediate confidentiality or integrity compromise.", "risk_and_exploitability": "The CVSS score of 7.5 indicates high severity. No EPSS score is available, which makes precise exploitation probability uncertain, but lack of presence in KEV suggests no known active exploits yet. Based on the description, the likely attack vector is local or via malicious input provided to FFmpeg \u2013 for example, through a user\u2011controlled media file. If attackers can influence FFmpeg's input stream, they can trigger the overflow, causing a service interruption."}}}}, "created": "2026-04-14T16:21:56.715162+00:00", "updated": "2026-04-14T16:35:46.304972+00:00", "vendors": ["ffmpeg", "ffmpeg$PRODUCT$ffmpeg"]}