CVE-2026-12706

Name of the Vulnerable Software and Affected Versions FFmpeg (affected versions not specified)

Description A use-after-free issue exists in the RASC video decoder. The decode move() function initializes a read pointer into a decompressed buffer; however, a subsequent reallocation of that buffer during move-table processing results in a dangling pointer. An attacker can trigger this by providing a specially crafted AVI file containing a malicious RASC video stream, causing the decoder to read from freed heap memory, which may lead to a denial of service (crash).

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.