CVE-2026-30998: High severity FFmpeg FFmpeg vulnerability

Q: What is the severity of CVE-2026-30998?

CVE-2026-30998 is classified as a Denial of Service (DoS) vulnerability.

Q: How do I fix CVE-2026-30998?

To fix CVE-2026-30998, upgrade FFmpeg to a version later than 8.0.1 where the vulnerability is resolved.

Q: Which version of FFmpeg is affected by CVE-2026-30998?

FFmpeg version 8.0.1 is affected by CVE-2026-30998.

Q: What type of attack does CVE-2026-30998 allow?

CVE-2026-30998 allows an attacker to cause a Denial of Service (DoS) via crafted input files.

Q: Where is the vulnerable code located for CVE-2026-30998?

The vulnerable code for CVE-2026-30998 is located in the tools/zmqsend.c component of FFmpeg.

Published Apr 13, 2026

Updated

An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input file.

Affected Software

2 affected components

FFmpeg FFmpeg=8.0.1

FFmpeg FFmpeg<=8.0.1

Event History

Apr 13, 2026

CVE Published

via MITRE·12:00 AM

Data Sourced

via MITRE·12:00 AM

Description

Data Sourced

via NVD·03:17 PM

DescriptionSeverityWeaknessAffected Software

Frequently Asked Questions

What is the severity of CVE-2026-30998?

CVE-2026-30998 is classified as a Denial of Service (DoS) vulnerability.

How do I fix CVE-2026-30998?

To fix CVE-2026-30998, upgrade FFmpeg to a version later than 8.0.1 where the vulnerability is resolved.

Which version of FFmpeg is affected by CVE-2026-30998?

FFmpeg version 8.0.1 is affected by CVE-2026-30998.

What type of attack does CVE-2026-30998 allow?

CVE-2026-30998 allows an attacker to cause a Denial of Service (DoS) via crafted input files.

Where is the vulnerable code located for CVE-2026-30998?