{"id":"JLSEC-2026-652","summary":"FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common...","details":"FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c.","modified":"2026-07-02T05:47:02.313685326Z","published":"2026-06-26T20:24:16.337Z","upstream":["CVE-2026-40962","GHSA-48wr-p98v-9w5h","EUVD-2026-23153"],"database_specific":{"license":"CC-BY-4.0","sources":[{"url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-40962","database_specific":{"status":"Analyzed"},"html_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40962","published":"2026-04-16T02:16:12.227Z","modified":"2026-06-17T10:45:56.580Z","imported":"2026-06-26T19:19:07.813Z","id":"CVE-2026-40962"},{"url":"https://api.github.com/advisories/GHSA-48wr-p98v-9w5h","html_url":"https://github.com/advisories/GHSA-48wr-p98v-9w5h","published":"2026-04-16T03:31:06Z","modified":"2026-04-16T03:31:12Z","imported":"2026-06-26T19:19:41.138Z","id":"GHSA-48wr-p98v-9w5h"},{"url":"https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2026-23153","html_url":"https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23153","published":"2026-04-16T01:33:37Z","modified":"2026-04-16T12:31:48Z","imported":"2026-06-26T19:19:09.237Z","id":"EUVD-2026-23153"}]},"references":[{"type":"WEB","url":"https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22348"},{"type":"WEB","url":"https://github.com/advisories/GHSA-48wr-p98v-9w5h"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40962"}],"affected":[{"package":{"name":"FFMPEG_jll","ecosystem":"Julia","purl":"pkg:julia/FFMPEG_jll?uuid=b22a6f82-2f65-5046-a5b2-351ab43fb4e5"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"8.1.0+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-652.json"}},{"package":{"name":"FFMPEG_nogpl_jll","ecosystem":"Julia","purl":"pkg:julia/FFMPEG_nogpl_jll?uuid=a6892c6b-5768-548c-b024-ff8dabf482c5"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"8.1.0+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-652.json"}},{"package":{"name":"FFplay_jll","ecosystem":"Julia","purl":"pkg:julia/FFplay_jll?uuid=c4dce911-e170-5107-8314-c7bdc6785395"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"8.1.2+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-652.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}]}