Critical FFmpeg Vulnerabilities Affect Ubuntu Users

Two critical vulnerabilities were discovered in FFmpeg, affecting Ubuntu 24.04 LTS. The first vulnerability, CVE-2025-12343, allows denial of service due to improper memory handling in the TensorFlow DNN backend. The second vulnerability, CVE-2026-40962, could lead to denial of service or arbitrary code execution due to mishandling of subsample data. Both vulnerabilities were reported by Jiasheng Jiang and Quang Luong. Users of Ubuntu 24.04 LTS are particularly at risk, while Ubuntu 26.04 LTS is not affected. Patches are available through system updates. The vulnerabilities were published on February 18, 2026, and April 16, 2026, respectively.

Key Points: • Two critical vulnerabilities in FFmpeg affect Ubuntu 24.04 LTS users. • CVE-2025-12343 allows denial of service via TensorFlow DNN backend memory issues. • CVE-2026-40962 could lead to denial of service or arbitrary code execution.