High severity7.5NVD Advisory· Published Apr 13, 2026· Updated Apr 23, 2026
CVE-2026-30999
CVE-2026-30999
Description
A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- excellent-oatmeal-319.notion.site/CVE-2026-30999-Memory-Leak-e0d88ac53e2e42c1b5ef9aa3497e27b6nvdExploitThird Party Advisory
- ffmpeg.org/doxygen/7.0/zmqsend_8c_source.htmlnvdProduct
- github.com/FFmpeg/FFmpeg/blob/master/tools/zmqsend.cnvdProduct
- www.ffmpeg.org/download.htmlnvdProduct
News mentions
5- Silver Fox Springs Tax-Themed Attacks on Orgs in India, RussiaDark Reading · May 4, 2026
- Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and IndiaSecurelist · Apr 30, 2026
- Glasswing Secured the Code. The Rest of Your Stack Is Still on YouDark Reading · Apr 24, 2026
- Anthropic Launches Project Glasswing to Use AI to Find and Fix Critical Software VulnerabilitiesInfosecurity Magazine · Apr 8, 2026
- Risky Business #832 -- Anthropic unveils magical 0day computer GodRisky Business · Apr 8, 2026