The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read.
[ { "signature_type": "Line", "deprecated": false, "source": "https://github.com/ffmpeg/ffmpeg/commit/d893253fcd93d11258e98857175e93be7d158708", "signature_version": "v1", "target": { "file": "libavcodec/ffv1dec.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "245355338625332931830477497745927746422", "238326218632361086778742459743874489170", "63010713160282921716960613698296322472", "284860327072681535399829567538095137079" ] }, "id": "CVE-2017-15672-2ce985b8" }, { "signature_type": "Function", "deprecated": false, "source": "https://github.com/ffmpeg/ffmpeg/commit/d893253fcd93d11258e98857175e93be7d158708", "signature_version": "v1", "target": { "function": "read_header", "file": "libavcodec/ffv1dec.c" }, "digest": { "function_hash": "272795847722004352011274510092763330640", "length": 8724.0 }, "id": "CVE-2017-15672-af549396" } ]