CVE-2026-6385

MEDIUM 6.5

Ffmpeg: ffmpeg: denial of service and potential arbitrary code execution via signed integer overflow in dvd subtitle parser

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

0th

A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds checks, leading to a heap out-of-bounds write. Successful exploitation can result in a denial of service (DoS) due to an application crash, and potentially lead to arbitrary code execution.

CWE	CWE-190
Vendor	red hat
Product	lightspeed core
Published	Apr 15, 2026
Last Updated	Apr 15, 2026

Stay Ahead of the Next One

Get instant alerts for red hat lightspeed core

Be the first to know when new medium vulnerabilities affecting red hat lightspeed core are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected Versions

Red Hat / Lightspeed Core

All versions affected

Red Hat / Red Hat AI Inference Server

All versions affected