{"id":"CLEANSTART-2026-EZ98723","summary":"Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a ...","details":"Multiple security vulnerabilities affect the ffmpeg package. Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps. See references for individual vulnerability details.","modified":"2026-04-02T08:47:49.723402Z","published":"2026-01-30T14:21:51.714006Z","upstream":["CVE-2017-14058","CVE-2017-14225","CVE-2018-10001","CVE-2018-12458","CVE-2018-12459","CVE-2018-12460","CVE-2018-13300","CVE-2018-13301","CVE-2018-13302","CVE-2018-13303","CVE-2018-13304","CVE-2018-13305","CVE-2018-14394","CVE-2018-14395","CVE-2018-15822","CVE-2018-1999010","CVE-2018-1999011","CVE-2018-1999012","CVE-2018-1999013","CVE-2018-1999014","CVE-2018-1999015","CVE-2018-6912","CVE-2018-7557","CVE-2018-7751","CVE-2018-7757","CVE-2018-9841","CVE-2019-1000016","CVE-2019-11338","CVE-2019-11339","CVE-2019-12730","CVE-2019-17539","CVE-2019-17542","CVE-2019-9718","CVE-2019-9721","CVE-2020-12284","CVE-2020-13904","CVE-2020-14212","CVE-2020-20446","CVE-2020-20450","CVE-2020-20453","CVE-2020-21041","CVE-2020-22015","CVE-2020-22019","CVE-2020-22021","CVE-2020-22037","CVE-2020-22038","CVE-2020-22042","CVE-2020-24020","CVE-2020-35964","CVE-2020-35965","CVE-2021-30123","CVE-2021-33815","CVE-2021-38114","CVE-2021-38171","CVE-2021-38291","CVE-2022-3965","CVE-2023-46407","CVE-2023-47470"],"database_specific":{},"references":[{"type":"ADVISORY","url":"https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-EZ98723"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2017-14058"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2017-14225"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2018-10001"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2018-12458"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2018-12459"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2018-12460"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2018-13300"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2018-13301"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2018-13302"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2018-13303"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2018-13304"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2018-13305"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2018-14394"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2018-14395"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2018-15822"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2018-1999010"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2018-1999011"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2018-1999012"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2018-1999013"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2018-1999014"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2018-1999015"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2018-6912"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2018-7557"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2018-7751"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2018-7757"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2018-9841"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2019-1000016"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2019-11338"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2019-11339"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2019-12730"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2019-17539"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2019-17542"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2019-9718"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2019-9721"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2020-12284"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2020-13904"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2020-14212"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2020-20446"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2020-20450"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2020-20453"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2020-21041"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2020-22015"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2020-22019"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2020-22021"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2020-22037"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2020-22038"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2020-22042"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2020-24020"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2020-35964"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2020-35965"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2021-30123"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2021-33815"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2021-38114"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2021-38171"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2021-38291"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2022-3965"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2023-46407"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2023-47470"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14058"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14225"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10001"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12458"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12459"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12460"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-13300"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-13301"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-13302"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-13303"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-13304"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-13305"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14394"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14395"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-15822"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1999010"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1999011"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1999012"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1999013"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1999014"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1999015"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-6912"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7557"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7751"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7757"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-9841"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1000016"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11338"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11339"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12730"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-17539"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-17542"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9718"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9721"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12284"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13904"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14212"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-20446"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-20450"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-20453"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-21041"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-22015"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-22019"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-22021"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-22037"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-22038"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-22042"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24020"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35964"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35965"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-30123"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33815"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-38114"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-38171"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-38291"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3965"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46407"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-47470"}],"affected":[{"package":{"name":"ffmpeg","ecosystem":"CleanStart"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.1-r0"}]}],"database_specific":{"source":"https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-EZ98723.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}