{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-58049", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-06-28T00:55:25.425Z", "datePublished": "2026-06-28T01:32:52.900Z", "dateUpdated": "2026-06-30T12:10:42.134Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-06-28T01:32:52.900Z"}, "datePublic": "2026-06-26T00:00:00.000Z", "title": "FFmpeg - Out-of-Bounds Write in RASC Decoder decode_dlta()", "descriptions": [{"lang": "en", "value": "FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at the row cursor before the NEXT_LINE row-boundary check and validates the DLTA region in pixel rather than byte units, so a DLTA run on a PAL8 frame can access several bytes past the row allocation. A crafted media stream using the RASC FourCC, decoded by libavcodec, triggers a bitstream-controlled out-of-bounds heap write and adjacent out-of-bounds read, leading to memory corruption."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out-of-bounds Write", "cweId": "CWE-787", "type": "CWE"}]}], "affected": [{"vendor": "FFmpeg", "product": "FFmpeg", "defaultStatus": "affected", "versions": [{"version": "0", "status": "affected", "versionType": "git", "lessThanOrEqual": "bcd2c69e087a09b07cf45c6bd2428ee1ccb2925c"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*"}]}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH"}}, {"format": "CVSS", "cvssV4_0": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "references": [{"url": "https://github.com/bikini/exploitarium/tree/main/ffmpeg-rasc-dlta-calc-poc", "name": "Proof of Concept", "tags": ["exploit", "third-party-advisory"]}, {"url": "https://github.com/FFmpeg/FFmpeg/blob/master/libavcodec/rasc.c", "name": "libavcodec/rasc.c", "tags": ["product"]}, {"name": "VulnCheck Advisory: FFmpeg - Out-of-Bounds Write in RASC Decoder decode_dlta()", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/ffmpeg-out-of-bounds-write-in-rasc-decoder-decode-dlta"}], "credits": [{"lang": "en", "value": "ashdfrkl", "type": "finder"}], "x_generator": {"engine": "vulncheck-endgame"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-29T13:52:19.360635Z", "id": "CVE-2026-58049", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-29T13:52:27.762Z"}}, {"affected": [{"cpes": ["cpe:/a:redhat:enterprise_linux_ai:3"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux AI (RHEL AI) 3", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:openshift_ai"], "defaultStatus": "affected", "product": "Red Hat OpenShift AI (RHOAI)", "vendor": "Red Hat"}], "datePublic": "2026-06-28T01:32:52.900Z", "descriptions": [{"lang": "en", "value": "A flaw was found in FFmpeg's RASC video decoder. A remote attacker could exploit this by providing a crafted media stream using the RASC FourCC (Four Character Code), which is then decoded by libavcodec. This vulnerability triggers a bitstream-controlled out-of-bounds heap write and an adjacent out-of-bounds read, leading to memory corruption. This can result in a denial of service or potentially arbitrary code execution."}], "metrics": [{"other": {"content": {"namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "version": "3.1"}, "format": "CVSS"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "references": [{"tags": ["vdb-entry", "x_refsource_REDHAT"], "url": "https://access.redhat.com/security/cve/CVE-2026-58049"}, {"name": "RHBZ#2493952", "tags": ["issue-tracking", "x_refsource_REDHAT"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493952"}, {"tags": ["x_sadp-csaf-vex"], "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-58049.json"}], "timeline": [{"lang": "en", "time": "2026-06-28T03:01:15.644Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-06-28T01:32:52.900Z", "value": "Made public."}], "title": "FFmpeg: FFmpeg: Memory corruption via crafted RASC video stream", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "x_adpType": "supplier", "x_generator": {"engine": "sadp-cli 1.0.0"}, "providerMetadata": {"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c", "shortName": "redhat-SADP", "dateUpdated": "2026-06-30T12:10:42.134Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "FFmpeg: FFmpeg: Memory corruption via crafted RASC video stream", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"cpes": ["cpe:/a:redhat:enterprise_linux_ai:3"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux AI (RHEL AI) 3", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift_ai"], "vendor": "Red Hat", "product": "Red Hat OpenShift AI (RHOAI)", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2026-06-28T03:01:15.644Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-06-28T01:32:52.900Z", "value": "Made public."}], "x_adpType": "supplier", "datePublic": "2026-06-28T01:32:52.900Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-58049", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493952", "name": "RHBZ#2493952", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-58049.json", "tags": ["x_sadp-csaf-vex"]}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "x_generator": {"engine": "sadp-cli 1.0.0"}, "descriptions": [{"lang": "en", "value": "A flaw was found in FFmpeg's RASC video decoder. A remote attacker could exploit this by providing a crafted media stream using the RASC FourCC (Four Character Code), which is then decoded by libavcodec. This vulnerability triggers a bitstream-controlled out-of-bounds heap write and an adjacent out-of-bounds read, leading to memory corruption. This can result in a denial of service or potentially arbitrary code execution."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c", "shortName": "redhat-SADP", "dateUpdated": "2026-06-30T03:16:03.270Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-58049", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-29T13:52:19.360635Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-29T13:52:24.271Z"}}], "cna": {"title": "FFmpeg - Out-of-Bounds Write in RASC Decoder decode_dlta()", "credits": [{"lang": "en", "type": "finder", "value": "ashdfrkl"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW"}}], "affected": [{"vendor": "FFmpeg", "product": "FFmpeg", "versions": [{"status": "affected", "version": "0", "versionType": "git", "lessThanOrEqual": "bcd2c69e087a09b07cf45c6bd2428ee1ccb2925c"}], "defaultStatus": "affected"}], "datePublic": "2026-06-26T00:00:00.000Z", "references": [{"url": "https://github.com/bikini/exploitarium/tree/main/ffmpeg-rasc-dlta-calc-poc", "name": "Proof of Concept", "tags": ["exploit", "third-party-advisory"]}, {"url": "https://github.com/FFmpeg/FFmpeg/blob/master/libavcodec/rasc.c", "name": "libavcodec/rasc.c", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/ffmpeg-out-of-bounds-write-in-rasc-decoder-decode-dlta", "name": "VulnCheck Advisory: FFmpeg - Out-of-Bounds Write in RASC Decoder decode_dlta()", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck-endgame"}, "descriptions": [{"lang": "en", "value": "FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at the row cursor before the NEXT_LINE row-boundary check and validates the DLTA region in pixel rather than byte units, so a DLTA run on a PAL8 frame can access several bytes past the row allocation. A crafted media stream using the RASC FourCC, decoded by libavcodec, triggers a bitstream-controlled out-of-bounds heap write and adjacent out-of-bounds read, leading to memory corruption."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-06-28T01:32:52.900Z"}}}, "cveMetadata": {"cveId": "CVE-2026-58049", "state": "PUBLISHED", "dateUpdated": "2026-06-30T03:16:03.270Z", "dateReserved": "2026-06-28T00:55:25.425Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-06-28T01:32:52.900Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{}

{"bugzilla": {"description": "FFmpeg: FFmpeg: Memory corruption via crafted RASC video stream", "id": "2493952", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493952"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "status": "draft"}, "cwe": "CWE-787", "details": ["FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at the row cursor before the NEXT_LINE row-boundary check and validates the DLTA region in pixel rather than byte units, so a DLTA run on a PAL8 frame can access several bytes past the row allocation. A crafted media stream using the RASC FourCC, decoded by libavcodec, triggers a bitstream-controlled out-of-bounds heap write and adjacent out-of-bounds read, leading to memory corruption.", "A flaw was found in FFmpeg's RASC video decoder. A remote attacker could exploit this by providing a crafted media stream using the RASC FourCC (Four Character Code), which is then decoded by libavcodec. This vulnerability triggers a bitstream-controlled out-of-bounds heap write and an adjacent out-of-bounds read, leading to memory corruption. This can result in a denial of service or potentially arbitrary code execution."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-58049", "package_state": [{"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Affected", "package_name": "ffmpeg", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Affected", "package_name": "rhelai3/bootc-aws-cuda-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Affected", "package_name": "rhelai3/bootc-azure-cuda-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Affected", "package_name": "rhelai3/bootc-azure-rocm-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Affected", "package_name": "rhelai3/bootc-cuda-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Affected", "package_name": "rhelai3/bootc-gcp-cuda-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Affected", "package_name": "rhelai3/bootc-rocm-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Affected", "package_name": "rhoai/odh-vllm-gaudi-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}], "public_date": "2026-06-28T01:32:52Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-58049\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-58049\nhttps://github.com/FFmpeg/FFmpeg/blob/master/libavcodec/rasc.c\nhttps://github.com/bikini/exploitarium/tree/main/ffmpeg-rasc-dlta-calc-poc\nhttps://www.vulncheck.com/advisories/ffmpeg-out-of-bounds-write-in-rasc-decoder-decode-dlta"], "statement": "The vulnerability in FFmpeg's RASC video decoder is rated as Important. This flaw allows a remote attacker to cause memory corruption, potentially leading to denial of service or arbitrary code execution, by providing a specially crafted media stream. Red Hat products utilizing FFmpeg for RASC video decoding are at risk if they process untrusted media content.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,bcd2c69e087a09b07cf45c6bd2428ee1ccb2925c]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "FFmpeg", "source": "cna", "vendor": "FFmpeg"}, "product": "ffmpeg", "vendor": "ffmpeg"}], "created": "2026-06-28T03:30:05.217760+00:00", "updated": "2026-06-28T09:30:05.702835+00:00", "vendors": ["ffmpeg", "ffmpeg$PRODUCT$ffmpeg"]}