Note:
This project will be discontinued after December 13, 2021. [more]
2020-06-16
FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted.
| Products | Ffmpeg |
| Type | Out-of-bounds Write (CWE-787) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://patchwork.ffmpeg.org/project/ffmpeg/list/?series=1463
• https://trac.ffmpeg.org/ticket/8716 • https://security.gentoo.org/glsa/202007-58 |