{ "schema_version": "1.7.0", "id": "MGASA-2026-0153", "published": "2026-05-26T01:55:28Z", "modified": "2026-05-26T01:05:28Z", "summary": "Updated ffmpeg packages fix security vulnerabilities", "details": "An out-of-bounds read in the read_global_param() function\n(libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a\nDenial of Service (DoS) via a crafted input. (CVE-2026-30997)\nFFmpeg before 8.1 has an integer overflow and resultant out-of-bounds\nwrite via CENC (Common Encryption) subsample data to libavformat/mov.c.\n(CVE-2026-40962)\n", "upstream": [ "CVE-2026-30997", "CVE-2026-40962" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2026-0153.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=35546" }, { "type": "WEB", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/4TOCC22G6AHEU62PA7DQARAPJYTW6XSE/" }, { "type": "ADVISORY", "url": "https://excellent-oatmeal-319.notion.site/CVE-2026-30997-Out-of-Bounds-Access-a7929817b9794568b2f7774397c7d65f" } ], "affected": [ { "package": { "ecosystem": "Mageia:9", "name": "ffmpeg", "purl": "pkg:rpm/mageia/ffmpeg?arch=source&distro=mageia-9" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "5.1.9-1.mga9" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:9", "name": "ffmpeg", "purl": "pkg:rpm/mageia/ffmpeg?arch=source&distro=mageia-9" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "5.1.9-1.mga9.tainted" } ] } ], "ecosystem_specific": { "section": "tainted" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }