CVE-2026-40962: Integer Overflow
Published Apr 16, 2026
FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c.
Affected Software
2 affected components (both entries are identical):
FFmpeg FFmpeg <8.1
Remediation
Patch Available
Event History
Apr 16, 2026
CVE Published via MITRE · 01:33 AM
Data Sourced via MITRE · 01:33 AM (fields: Description, Severity, Weakness)
Data Sourced via NVD · 02:16 AM (fields: Remedy, Description, Severity, Weakness, Affected Software)
Frequently Asked Questions
1. What is the severity of CVE-2026-40962?
CVE-2026-40962 is classified as a high severity vulnerability due to its potential to cause an out-of-bounds write.
2. How do I fix CVE-2026-40962?
To mitigate CVE-2026-40962, upgrade FFmpeg to version 8.1 or later, where the vulnerability has been patched.
3. What is the impact of CVE-2026-40962 on affected systems?
CVE-2026-40962 can lead to system crashes and potentially code execution, because processing crafted CENC subsample data results in an out-of-bounds write.
4. Which versions of FFmpeg are affected by CVE-2026-40962?
FFmpeg versions prior to 8.1 are vulnerable to CVE-2026-40962.
5. How does CVE-2026-40962 relate to CENC data?
CVE-2026-40962 is an integer overflow in the handling of CENC (Common Encryption) subsample data in libavformat/mov.c; the overflowed value leads to an unsafe out-of-bounds memory write.