High severity7.5NVD Advisory· Published Apr 13, 2026· Updated Apr 23, 2026
CVE-2026-30997
CVE-2026-30997
Description
An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
16- osv-coords14 versionspkg:apk/chainguard/ffmpeg-6pkg:apk/chainguard/ffmpeg-7.1pkg:apk/chainguard/ffmpeg-8.0pkg:apk/wolfi/ffmpeg-7.1pkg:apk/wolfi/ffmpeg-8.0pkg:rpm/opensuse/ffmpeg-4&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ffmpeg-7&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ffmpeg-8&distro=openSUSE%20Tumbleweedpkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP7
< 6.1.4-r5+ 13 more
- (no CPE)range: < 6.1.4-r5
- (no CPE)range: < 7.1.3-r7
- (no CPE)range: < 8.0.2-r0
- (no CPE)range: < 7.1.3-r7
- (no CPE)range: < 8.0.2-r0
- (no CPE)range: < 4.4.7-3.1
- (no CPE)range: < 7.1.4-3.1
- (no CPE)range: < 8.1.1-3.1
- (no CPE)range: < 4.4.7-150400.3.67.1
- (no CPE)range: < 4.4.7-150400.3.67.1
- (no CPE)range: < 4.4.7-150600.13.47.1
- (no CPE)range: < 4.4.7-150400.3.67.1
- (no CPE)range: < 4.4.7-150400.3.67.1
- (no CPE)range: < 4.4.7-150600.13.47.1
Patches
Vulnerability mechanics
References
1- excellent-oatmeal-319.notion.site/CVE-2026-30997-Out-of-Bounds-Access-a7929817b9794568b2f7774397c7d65fnvdExploitMitigationThird Party Advisory
News mentions
0No linked articles in our index yet.