In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ffmpeg ffmpeg 3.3.3 |
||
debian debian linux 9.0 |
||
debian debian linux 8.0 |