CVE-2026-30997: An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cau

Description

An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Affected Products

Vendor	Product	Versions
ffmpeg	ffmpeg	n/a

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
open source	ffmpeg	cert_advisory	90%

References

Related News (2 articles)

Tier B

BSI Advisories9h ago

[NEU] [mittel] ffmpeg: Mehrere Schwachstellen ermöglichen Denial of Service

→ No new info (linked only)

Tier C

VulDB1d ago

CVE-2026-30997 | FFmpeg 8.0.1 libavcodec/av1dec.c read_global_param out-of-bounds

→ No new info (linked only)

CVSS 3.17.5 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-125

PublishedApr 13, 2026

Last enriched16h agov2

Trending Score65

Source articles2

Independent2

Info Completeness6/14

Missing: cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

Version History

Last enriched 16h ago

v2Tier C1d ago

Updated vendor and product to FFmpeg, set severity to HIGH, and marked the vulnerability as actively exploited.

affectedVersionsseverityactivelyExploited

via VulDB

v11d ago

Initial creation

CVE-2026-30997: An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cau

Description

Affected Products

Also Affects

References

Related News (2 articles)

Community Vote

Related CVEs (3)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History