Note:
This project will be discontinued after December 13, 2021. [more]
2019-04-19
The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data.
| Products | Ffmpeg |
| Type | Out-of-bounds Read (CWE-125) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://github.com/FFmpeg/FFmpeg/commit/d227ed5d598340e719eff7156b1aa0a4469e9a6a
• https://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb • https://usn.ubuntu.com/3967-1/ • http://www.securityfocus.com/bid/108037 |