Description

A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds checks, leading to a heap out-of-bounds write. Successful exploitation can result in a denial of service (DoS) due to an application crash, and potentially lead to arbitrary code execution.

INFO

Published Date :

2026-04-15T19:18:39.354Z

Last Modified :

2026-04-15T20:01:15.671Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2026-6385 vulnerability.

Vendors Products
Ffmpeg
  • Ffmpeg
Redhat
  • Ai Inference Server
  • Enterprise Linux Ai
  • Lightspeed Core
  • Openshift Ai
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-6385.

URL Resource
https://access.redhat.com/security/cve/CVE-2026-6385 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2458764 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-6385 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-6385 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact