CVE-2026-36911
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk5th percentile — higher than 5% of all known CVEs
Summary
A division-by-zero vulnerability in the CStreamSwitcherOutputPin::DecideBufferSize function of MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
Risk Assessment
An attacker can remotely crash the application, leading to disruption of the media player and potential user workflow interruption.
Recommendation
It is recommended to immediately update MPC-BE to a version containing commit 4341cb3 or later, which fixes this vulnerability.
Original NVD description (English source)
A division-by-zero vulnerability in the CStreamSwitcherOutputPin::DecideBufferSize function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

