CVE-2021-38171 log

Source
Severity Medium
Remote Yes
Type Insufficient validation
Description
adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.
Group Package Affected Fixed Severity Status Ticket
AVG-1989 ffmpeg 2:4.4-4 Medium Vulnerable
References
https://patchwork.ffmpeg.org/project/ffmpeg/patch/AS8P193MB12542A86E22F8207EC971930B6F19@AS8P193MB1254.EURP193.PROD.OUTLOOK.COM/
https://github.com/FFmpeg/FFmpeg/commit/9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6