High severity7.5NVD Advisory· Published Apr 13, 2026· Updated Apr 23, 2026

CVE-2026-30998

Description

An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input file.

Affected products

FFmpeg/Ffmpeg
cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
Range: <=8.0.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

excellent-oatmeal-319.notion.site/CVE-2026-30998-Resource-Leak-3265a71f9cca4dc58df4632ce8b60a50nvdExploitThird Party Advisory
ffmpeg.org/doxygen/7.0/zmqsend_8c_source.htmlnvdProduct
github.com/FFmpeg/FFmpeg/blob/master/tools/zmqsend.cnvdProduct

News mentions

Silver Fox Springs Tax-Themed Attacks on Orgs in India, Russia
Dark Reading · May 4, 2026
Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India
Securelist · Apr 30, 2026
Glasswing Secured the Code. The Rest of Your Stack Is Still on You
Dark Reading · Apr 24, 2026
Anthropic Launches Project Glasswing to Use AI to Find and Fix Critical Software Vulnerabilities
Infosecurity Magazine · Apr 8, 2026
Risky Business #832 -- Anthropic unveils magical 0day computer God
Risky Business · Apr 8, 2026

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000