CVE Catalog

CVE-2026-36911

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

5th percentile — higher than 5% of all known CVEs

Summary

A division-by-zero vulnerability in the CStreamSwitcherOutputPin::DecideBufferSize function of MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

Risk Assessment

An attacker can remotely crash the application, leading to disruption of the media player and potential user workflow interruption.

Recommendation

It is recommended to immediately update MPC-BE to a version containing commit 4341cb3 or later, which fixes this vulnerability.

Original NVD description (English source)

A division-by-zero vulnerability in the CStreamSwitcherOutputPin::DecideBufferSize function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS