libavcodec/hevcdec.c in FFmpeg 4.1.2 mishandles detection...
High severity
Unreviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Jan 28, 2023
Description
Published by the National Vulnerability Database
Apr 19, 2019
Published to the GitHub Advisory Database
May 24, 2022
Last updated
Jan 28, 2023
libavcodec/hevcdec.c in FFmpeg 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.
References