CVE-2026-30999: A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Servi

Description

A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Affected Products

Vendor	Product	Versions
ffmpeg	ffmpeg	n/a

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
open source	ffmpeg	cert_advisory	90%

References

Related News (2 articles)

Tier B

BSI Advisories12h ago

[NEU] [mittel] ffmpeg: Mehrere Schwachstellen ermöglichen Denial of Service

→ No new info (linked only)

Tier C

VulDB1d ago

CVE-2026-30999 | FFmpeg 8.0.1 av_bprint_finalize denial of service

→ No new info (linked only)

CVSS 3.17.5 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-122

PublishedApr 13, 2026

Last enriched20h agov2

Trending Score64

Source articles2

Independent2

Info Completeness6/14

Missing: cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

Version History

Last enriched 20h ago

v2Tier C1d ago

Updated vendor and product to FFmpeg, set severity to HIGH, and marked the vulnerability as actively exploited.

affectedVersionsseverityactivelyExploited

via VulDB

v11d ago

Initial creation

CVE-2026-30999: A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Servi

Description

Affected Products

Also Affects

References

Related News (2 articles)

Community Vote

Related CVEs (3)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History