libavcodec/scpr.c in FFmpeg 3.3 prior to 3.3.1 does not properly validate height and width data, which allows remote malicious users to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ffmpeg ffmpeg 3.3 |