Improper Resource Deallocation in FFmpeg Tools by Vendor FFmpeg
CVE-2026-30998

7.5HIGH

Key Information:

Vendor: FFmpeg
Status: FFmpeg
Vendor: CVE Published:; 13 April 2026

What is CVE-2026-30998?

A vulnerability exists in the FFmpeg toolset, specifically within the zmqsend.c component, where improper resource deallocation and closure can occur. This can be exploited by an attacker who supplies a specially crafted input file, potentially leading to a Denial of Service (DoS). The issue arises due to inadequate handling of resources, making the system susceptible to interruptions and crashes during processing.

References

https://github.com/FFmpeg/FFmpeg/blob/master/tools/zmqsend.c

https://ffmpeg.org/doxygen/7.0/zmqsend_8c_source.html

https://excellent-oatmeal-319.notion.site/CVE-2026-30998-...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 13, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-30998 Data

JSON