Vulnerability DatabaseCVE-2026-6385

CVE-2026-6385:
Ffmpeg vulnerability analysis and mitigation

A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds checks, leading to a heap out-of-bounds write. Successful exploitation can result in a denial of service (DoS) due to an application crash, and potentially lead to arbitrary code execution.

Source: NVD

Related Ffmpeg vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-40962	CRITICAL	9.8	Ffmpeg	ffmpeg	No	Yes	Apr 16, 2026
CVE-2026-30997	HIGH	7.5	Ffmpeg	ffmpeg	No	No	Apr 13, 2026
CVE-2026-6385	MEDIUM	6.5	Ffmpeg	ffmpeg	No	No	Apr 15, 2026
CVE-2025-12343	MEDIUM	5.5	Ffmpeg	ffmpeg	No	Yes	Feb 18, 2026
CVE-2025-69693	MEDIUM	5.4	Ffmpeg	ffmpeg	No	Yes	Mar 16, 2026

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2026-6385: Ffmpeg vulnerability analysis and mitigation