FFmpeg
FFmpeg
See the latest tracked release, confirm when it was published, and subscribe for update emails.
7.1.4
- Release date
- May 05, 2026
- Security status
- Current version appears affected by 4 high-severity CVEs.
Source
Public release notes are linked for the latest stored release.
Release history
See the latest published releases stored for this product.
| Version | Published | Notes |
|---|---|---|
| 7.1.4 | 2026-05-05 | Release Notes |
| 7.1.3 | 2025-11-21 | Release Notes |
Vulnerability tracking
versionPing monitors CVEs for this product. Matching CVEs are listed below. We only display CVEs with a CVSS score of 7.0 or higher that were published within the last 90 days.
Affected status is inferred from published affected version ranges where available. Always verify against the vendor advisory before making production decisions.
| CVE | Severity | Published | Status | Summary |
|---|---|---|---|---|
| CVE-2026-40962 | CRITICAL (9.8) | 2026-04-16 | Current versionaffected | FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c. Affected versions
|
| CVE-2026-30999 | HIGH (7.5) | 2026-04-13 | Current versionaffected | A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. Affected versions
|
| CVE-2026-30998 | HIGH (7.5) | 2026-04-13 | Current versionaffected | An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input file. Affected versions
|
| CVE-2026-30997 | HIGH (7.5) | 2026-04-13 | Current versionaffected | An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. Affected versions
|