Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 27 Jun 2026 12:42:13 +0000
From:      Piotr Smyrak <smyru@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: 28d0364bc506 - main - security/vuxml: document ffmpeg vulnerability
Message-ID:  <6a3fc525.41bc8.11f00cb9@gitrepo.freebsd.org>

index | next in thread | raw e-mail

The branch main has been updated by smyru:

URL: https://cgit.FreeBSD.org/ports/commit/?id=28d0364bc5062aa13ecd6f2383cb4fe6b6bcc170

commit 28d0364bc5062aa13ecd6f2383cb4fe6b6bcc170
Author:     Piotr Smyrak <smyru@FreeBSD.org>
AuthorDate: 2026-06-25 14:22:00 +0000
Commit:     Piotr Smyrak <smyru@FreeBSD.org>
CommitDate: 2026-06-27 12:39:32 +0000

    security/vuxml: document ffmpeg vulnerability
    
    Approved by:    0mp (mentor)
    Approved by:    fernape
    Security:       CVE-2026-8461
    Differential Revision:  https://reviews.freebsd.org/D57843
---
 security/vuxml/vuln/2026.xml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml
index 81faf2f7aabe..6cb366af6459 100644
--- a/security/vuxml/vuln/2026.xml
+++ b/security/vuxml/vuln/2026.xml
@@ -1,3 +1,34 @@
+  <vuln vid="ba8d239f-709f-11f1-a30e-28d2443e6cfa">
+    <topic>ffmpeg -- Out-of-bounds write</topic>
+    <affects>
+    <package>
+	<name>ffmpeg</name>
+	<range><lt>8.1.2</lt></range>
+    </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23159 reports:</p>
+	<blockquote cite="https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23159">;
+	  <p>An out-of-bounds write vulnerability in FFmpeg's libavcodec library,
+specifically in the MagicYUV decoder, allows denial-of-service and,
+in some cases, can be exploited for remote code execution. This
+vulnerability is associated with the file libavcodec/magicyuv.C.
+This issue affects FFmpeg before version 8.1.2.</p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2026-8461</cvename>
+      <url>https://nvd.nist.gov/vuln/detail/CVE-2026-8461</url>;
+      <url>https://github.com/advisories/GHSA-qff7-4q6c-m8h6</url>;
+    </references>
+    <dates>
+      <discovery>2026-06-18</discovery>
+      <entry>2026-06-25</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="ee1e7aef-7117-11f1-873f-2cf05da270f3">
     <topic>Gitlab -- Vulnerabilities</topic>
     <affects>


home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a3fc525.41bc8.11f00cb9>