CVE-2026-12706
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk15th percentile — higher than 15% of all known CVEs
Summary
A use-after-free vulnerability was found in FFmpeg's RASC video decoder. The decode_move() function initializes a read pointer into a decompressed buffer, but a subsequent reallocation of that same buffer during move-table processing leaves the pointer dangling.
Risk Assessment
An attacker could exploit this by providing a specially crafted AVI file containing a malicious RASC video stream, which could lead to a denial of service (crash).
Recommendation
It is recommended to update FFmpeg to the latest version to mitigate this vulnerability and to avoid opening unknown AVI files.
Original NVD description (English source)
A use-after-free vulnerability was found in FFmpeg's RASC video decoder. The decode_move() function initializes a read pointer into a decompressed buffer, but a subsequent reallocation of that same buffer during move-table processing leaves the pointer dangling. An attacker could exploit this by providing a specially crafted AVI file containing a malicious RASC video stream. When a user opens or plays the file, the decoder reads from freed heap memory, which could lead to a denial of service (crash).

