CVE-2026-6385
Published: Apr 15, 2026
Modified: Apr 15, 2026
CVSS v3.1
6.5
Description
A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds checks, leading to a heap out-of-bounds write. Successful exploitation can result in a denial of service (DoS) due to an application crash, and potentially lead to arbitrary code execution.
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Lightspeed Core | All versions |
| Red Hat | Red Hat AI Inference Server | All versions |
| Red Hat | Red Hat Enterprise Linux AI (RHEL AI) 3 | All versions |
| Red Hat | Red Hat OpenShift AI (RHOAI) | All versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
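Attack Vector: Network (AV:N)
Attack Complexity: Low (AC:L)
Privileges Required: None (PR:N)
User Interaction: Required (UI:R)
Scope: Unchanged (S:U)
Confidentiality: None (C:N)
Integrity: None (I:N)
Availability: High (A:H)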