FFmpeg
FFmpeg
See the latest tracked release, confirm when it was published, and subscribe for update emails.
8.1.1
- Release date
- May 04, 2026
- Security status
- 4 high-severity CVEs tracked in the last 90 days. Current version not affected.
Source
Public release notes are linked for the latest stored release.
Release history
See the latest published releases stored for this product.
| Version | Published | Notes |
|---|---|---|
| 8.1.1 | 2026-05-04 | Release Notes |
| 8.1.0 | 2026-03-16 | Release Notes |
Vulnerability tracking
versionPing monitors CVEs for this product. Matching CVEs are listed below. We only display CVEs with a CVSS score of 7.0 or higher that were published within the last 90 days.
Affected status is inferred from published affected version ranges where available. Always verify against the vendor advisory before making production decisions.
| CVE | Severity | Published | Status | Summary |
|---|---|---|---|---|
| CVE-2026-40962 | CRITICAL (9.8) | 2026-04-16 | Current versionnot affected | FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c. Affected versions
|
| CVE-2026-30999 | HIGH (7.5) | 2026-04-13 | Current versionnot affected | A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. Affected versions
|
| CVE-2026-30998 | HIGH (7.5) | 2026-04-13 | Current versionnot affected | An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input file. Affected versions
|
| CVE-2026-30997 | HIGH (7.5) | 2026-04-13 | Current versionnot affected | An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. Affected versions
|