FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution.
FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution.
https://trac.ffmpeg.org/ticket/8845 https://trac.ffmpeg.org/ticket/8863 http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468 http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f
The vulnerable code was introduced on the master branch in commit 9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468 and is not present on the 4.3 release branch that Arch Linux currently ships.