The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 up to and including 3.4.2 allows remote malicious users to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ffmpeg ffmpeg |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |