Bug 2458764 (CVE-2026-6385) - CVE-2026-6385 ffmpeg: FFmpeg: Denial of Service and potential arbitrary code execution via signed integer overflow in DVD subtitle parser
Summary: CVE-2026-6385 ffmpeg: FFmpeg: Denial of Service and potential arbitrary code ...
Keywords:
Status: NEW
Alias: CVE-2026-6385
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2026-04-15 19:13 UTC by OSIDB Bzimport
Modified: 2026-05-04 03:10 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2026-04-15 19:13:35 UTC
A flaw was found in FFmpeg. The flaw is a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds checks, which leads to a heap out-of-bounds write. A remote attacker could trigger it by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. Successful exploitation can result in a denial of service (DoS) due to an application crash, and potentially in arbitrary code execution.
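As an added illustration of the bug class named above (this is not FFmpeg's dvdsub code and is not taken from this report), the following C models a fragment reassembler whose bounds check is written as a signed addition, next to a check that cannot overflow. The type and function names (SubReassembler, naive_check_accepts, safe_check_accepts, append_fragment) are hypothetical, and the sample fragment is constructed. The wrapped sum is computed in uint32_t so the demonstration itself is well-defined; in real code the signed overflow is undefined behaviour that, on every common ABI, silently produces a negative int.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of a subtitle fragment reassembler (not FFmpeg's). */
typedef struct {
    uint8_t *buf;
    int      buf_size;   /* allocated capacity in bytes */
    int      buf_pos;    /* bytes reassembled so far */
} SubReassembler;

/* Emulates the naive check `pos + len > size` when the signed addition
 * wraps. A hostile len near INT_MAX makes the sum negative, so the
 * comparison against size passes and the fragment is "accepted".
 * Returns 1 if the check would accept, 0 if it would reject. */
static int naive_check_accepts(int pos, int len, int size)
{
    int32_t sum = (int32_t)((uint32_t)pos + (uint32_t)len); /* wraps negative */
    return !(sum > size);
}

/* Hardened check: reject negative lengths and positions, then compare
 * against the remaining space without adding, so no intermediate value
 * can overflow. Returns 1 to accept, 0 to reject. */
static int safe_check_accepts(int pos, int len, int size)
{
    if (len < 0 || pos < 0 || pos > size)
        return 0;
    return len <= size - pos;   /* size - pos >= 0, cannot overflow */
}

/* Appends a fragment using the hardened check.
 * Returns 0 on success, -1 if the fragment does not fit. */
static int append_fragment(SubReassembler *r, const uint8_t *frag, int len)
{
    if (!safe_check_accepts(r->buf_pos, len, r->buf_size))
        return -1;
    memcpy(r->buf + r->buf_pos, frag, (size_t)len);
    r->buf_pos += len;
    return 0;
}

/* Feeds a benign 16-byte fragment, then a fragment claiming INT_MAX bytes
 * (constructed input). Returns the bytes reassembled, or -1 if either
 * outcome differed from what the hardened path should produce. */
static int demo(void)
{
    uint8_t storage[64] = {0};
    SubReassembler r = { storage, (int)sizeof storage, 0 };
    static const uint8_t frag[16] = { 0x5a };   /* constructed sample fragment */

    int benign  = append_fragment(&r, frag, (int)sizeof frag);  /* accepted */
    int hostile = append_fragment(&r, frag, INT_MAX);           /* rejected */

    return (benign == 0 && hostile == -1) ? r.buf_pos : -1;
}

int main(void)
{
    /* Same inputs: the naive check lets the hostile length through,
     * the hardened check does not. */
    int naive = naive_check_accepts(16, INT_MAX, 64);
    int safe  = safe_check_accepts(16, INT_MAX, 64);
    return (naive == 1 && safe == 0 && demo() == 16) ? 0 : 1;
}
```

The practical check when auditing a parser for this class is to look for any length or offset read from the stream that is added to a running position before being compared to a buffer size; the comparison should instead be against the remaining space (size minus position) after the length is confirmed non-negative.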

Comment 2 Thaddeus Jorvik 2026-04-27 04:09:22 UTC
Make sure you’re on a patched FFmpeg build, since this is a parser-level issue and hard to mitigate otherwise. Are you sanitizing or rejecting untrusted media inputs before processing?

Comment 3 Thaddeus Jorvik 2026-05-04 03:10:48 UTC
I’m currently relying on the default FFmpeg build, so I’ll check if it’s patched. For now I’m not doing strict sanitization, just basic validation. Do you recommend rejecting unsupported formats up front?
https://fnf-games.io

