Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg prior to 0.10.14, 1.1.x prior to 1.1.12, 1.2.x prior to 1.2.7, 2.0.x prior to 2.0.5, 2.1.x prior to 2.1.5, and 2.2.x prior to 2.2.4 allows remote malicious users to execute arbitrary code via a crafted Literal Run.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ffmpeg ffmpeg |