CVE-2026-6385

Name of the Vulnerable Software and Affected Versions FFmpeg (affected versions not specified)

Description A signed integer overflow exists in the DVD subtitle parser's fragment reassembly bounds checks. A remote attacker can exploit this by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream, leading to a heap out-of-bounds write. This may result in a denial of service due to an application crash or potentially allow arbitrary code execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.