Medium severity 4.9 · NVD Advisory · Published Apr 16, 2026 · Updated Apr 20, 2026
CVE-2026-40962
Description
FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c.
Affected products: 1
Patches: 0
No patches discovered yet.
References: 1
- code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22348 (nvd: Issue Tracking, Patch)
News mentions: 5
- Silver Fox Springs Tax-Themed Attacks on Orgs in India, Russia (Dark Reading · May 4, 2026)
- Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India (Securelist · Apr 30, 2026)
- Glasswing Secured the Code. The Rest of Your Stack Is Still on You (Dark Reading · Apr 24, 2026)
- Anthropic Launches Project Glasswing to Use AI to Find and Fix Critical Software Vulnerabilities (Infosecurity Magazine · Apr 8, 2026)
- Risky Business #832 -- Anthropic unveils magical 0day computer God (Risky Business · Apr 8, 2026)