CVE Catalog

CVE-2026-12706

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

15th percentile — higher than 15% of all known CVEs

Summary

A use-after-free vulnerability was found in FFmpeg's RASC video decoder. The decode_move() function initializes a read pointer into a decompressed buffer, but a subsequent reallocation of that same buffer during move-table processing leaves the pointer dangling.

Risk Assessment

An attacker could exploit this by providing a specially crafted AVI file containing a malicious RASC video stream, which could lead to a denial of service (crash).

Recommendation

It is recommended to update FFmpeg to the latest version to mitigate this vulnerability and to avoid opening unknown AVI files.

Original NVD description (English source)

A use-after-free vulnerability was found in FFmpeg's RASC video decoder. The decode_move() function initializes a read pointer into a decompressed buffer, but a subsequent reallocation of that same buffer during move-table processing leaves the pointer dangling. An attacker could exploit this by providing a specially crafted AVI file containing a malicious RASC video stream. When a user opens or plays the file, the decoder reads from freed heap memory, which could lead to a denial of service (crash).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS