Out-of-Array Access Vulnerability in FFmpeg 4.0.1

Out-of-Array Access Vulnerability in FFmpeg 4.0.1

CVE-2018-13302 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or possibly unspecified other impact.

Learn more about our Web Application Penetration Testing UK.