The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read.
[
{
"digest": {
"line_hashes": [
"245355338625332931830477497745927746422",
"238326218632361086778742459743874489170",
"63010713160282921716960613698296322472",
"284860327072681535399829567538095137079"
],
"threshold": 0.9
},
"id": "CVE-2017-15672-2ce985b8",
"source": "https://github.com/ffmpeg/ffmpeg/commit/d893253fcd93d11258e98857175e93be7d158708",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "libavcodec/ffv1dec.c"
},
"signature_type": "Line"
},
{
"digest": {
"function_hash": "272795847722004352011274510092763330640",
"length": 8724.0
},
"id": "CVE-2017-15672-af549396",
"source": "https://github.com/ffmpeg/ffmpeg/commit/d893253fcd93d11258e98857175e93be7d158708",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "read_header",
"file": "libavcodec/ffv1dec.c"
},
"signature_type": "Function"
}
]