VDB
CVE-2026-40962
CVE-2026-40962
PUBLISHED
CVSS 4.900000095367432 MEDIUM
FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c.
EPSS 0.01% · 1.4th percentile
Risk Scores
CVSS v3.1
4.900000095367432
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score
0.01%
1.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ffmpeg | ffmpeg | 4.1 |
| FFmpeg | FFmpeg | 4.1 |
Timeline
- Apr 16, 2026 EPSS Score
- Apr 16, 2026 CVE Published
- Apr 16, 2026 Security Advisory
- Apr 16, 2026 CVE Updated
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score