🔴 高危 | CVE-2026-58049 — FFmpeg's RASC video decoder (decode_dlta in libavcodec/
🔴 《高危安全漏洞:CVE-2026-58049》
CVSS 评分: 高危(8.8) CVE ID: CVE-2026-58049
漏洞描述
FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at the row cursor before the NEXT_LINE row-boundary check and validates the DLTA region in pixel rather than byte units, so a DLTA run on a PAL8 frame can access several bytes past the row allocation. A crafted media stream using the RASC FourCC, decoded by libavcodec, triggers a bitstream-controlled out-of-bounds heap write and adjacent out-of-bounds read, leading to memory corruption.
| 字段 | 值 |
|---|---|
| CVE ID | CVE-2026-58049 |
| CVSS 评分 | 8.8 |
| 严重程度 | 高危 |
| 发布时间 | 2026-06-28 |
| 状态 | Received |
数据来源: NVD | 获取时间: 2026-06-28 18:15
💬 评论