Ffmpeg : Security Vulnerabilities, CVEs, (Information Leak) CVSS score >= 8
In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service.
Max CVSS
8.1
EPSS Score
0.25%
Published
2018-07-05
Updated
2020-01-14
In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure.
Max CVSS
8.1
EPSS Score
0.29%
Published
2018-07-05
Updated
2021-01-04
2 vulnerabilities found