CVE-2026-58049

Summary

FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at the row cursor before the NEXT_LINE row-boundary check and validates the DLTA region in pixel rather than byte units, so a DLTA run on a PAL8 frame can access several bytes past the row allocation. A crafted media stream using the RASC FourCC, decoded by libavcodec, triggers a bitstream-controlled out-of-bounds heap write and adjacent out-of-bounds read, leading to memory corruption.

Affected Software

VendorProductVersion RangeStatus
FFmpegFFmpeg0 <= bcd2c69e087a09b07cf45c6bd2428ee1ccb2925caffected

Weaknesses

  • CWE-787: Out-of-bounds Write

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

FFmpeg: FFmpeg: Memory corruption via crafted RASC video stream

Additional References

References