| Severity |
|
| Remote |
|
| Type |
| - |
Unknown |
| + |
Arbitrary code execution |
|
| Description |
| + |
FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution. |
|
| References |
| + |
https://trac.ffmpeg.org/ticket/8845 |
| + |
https://trac.ffmpeg.org/ticket/8863 |
| + |
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468 |
| + |
http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f |
|
| Notes |
| + |
The vulnerable code was introduced on the master branch in commit 9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468 and is not present on the 4.3 release branch that Arch Linux currently ships. |
|