CVE-2026-6385: FFmpeg: denial of service and potential arbitrary code execution via signed integer overflow in DVD subtitle parser
A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds checks, leading to a heap out-of-bounds write. Successful exploitation can result in a denial of service (DoS) due to an application crash, and potentially lead to arbitrary code execution.
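As an added illustration (not FFmpeg's code and not the actual vulnerable function), the following C snippet shows the bug class the advisory describes: a fragment-reassembly bounds check done with signed integer arithmetic, beside its hardened form. The struct, the function names (fragment_fits_unsafe, fragment_fits_safe, append_fragment, oversized_fragment_accepted) and the buffer sizes are assumptions made for this example.

```c
#include <limits.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical reassembly state for one DVD subtitle packet: fragments from
 * successive PES packets accumulate in a heap buffer. Constructed for
 * illustration, not FFmpeg's own structure. */
typedef struct {
    uint8_t *buf;
    int buf_size;     /* capacity of buf */
    int packet_index; /* bytes already copied in */
} reassembler;

/* Vulnerable pattern: end offset computed in signed int, so a length near
 * INT_MAX wraps packet_index + len negative, the compare passes and the next
 * memcpy writes past the heap buffer. (Add done unsigned and cast back so the
 * wrap is deterministic; the real bug is the same sum on signed ints: UB.) */
static int fragment_fits_unsafe(const reassembler *r, int len)
{
    int end = (int)((unsigned)r->packet_index + (unsigned)len);
    return end <= r->buf_size;
}

/* Hardened check: reject negative lengths, keep the packet_index invariant
 * and compare against the remaining space, so no addition can overflow. */
static int fragment_fits_safe(const reassembler *r, int len)
{
    if (len < 0 || r->packet_index < 0 || r->packet_index > r->buf_size)
        return 0;
    return len <= r->buf_size - r->packet_index;
}

/* Copies one fragment in; returns the new packet_index, or -1 if rejected. */
static int append_fragment(reassembler *r, const uint8_t *frag, int len)
{
    if (!fragment_fits_safe(r, len))
        return -1;
    memcpy(r->buf + r->packet_index, frag, (size_t)len);
    r->packet_index += len;
    return r->packet_index;
}

/* Constructed scenario: 64-byte buffer with 60 bytes already reassembled and
 * a fragment header claiming INT_MAX - 10 bytes. Returns 1 if the supplied
 * check accepts it: the unsafe check does, the hardened one must not. */
static int oversized_fragment_accepted(int (*check)(const reassembler *, int))
{
    reassembler r = { NULL, 64, 60 };
    return check(&r, INT_MAX - 10);
}
```

Compiling with -fsanitize=undefined (or -ftrapv) would flag the signed form of the unsafe sum at runtime, which is one practical way to catch this class of check in a parser test suite.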
Frequently Asked Questions
What is the severity of CVE-2026-6385?
CVE-2026-6385 is classified as a denial of service vulnerability with a potential for arbitrary code execution, making it a critical concern.
How do I fix CVE-2026-6385?
To fix CVE-2026-6385, update to the latest version of FFmpeg that addresses this vulnerability.
What types of attacks can be carried out using CVE-2026-6385?
CVE-2026-6385 can lead to denial of service attacks and may allow remote attackers to execute arbitrary code.
Which software is affected by CVE-2026-6385?
FFmpeg is the primary software affected by CVE-2026-6385; the flaw lies in its DVD subtitle parser.
Can CVE-2026-6385 affect my system if I do not use FFmpeg?
If you do not use FFmpeg, CVE-2026-6385 should not directly affect your system. Note, however, that many applications bundle FFmpeg's libraries, so check whether software you run depends on them.