The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.
[ { "deprecated": false, "target": { "file": "libavcodec/utvideodec.c", "function": "decode_frame" }, "signature_type": "Function", "source": "https://github.com/ffmpeg/ffmpeg/commit/22aa37c0fedf14531783189a197542a055959b6c", "digest": { "length": 6485.0, "function_hash": "118628482742309640807246975102458427469" }, "id": "CVE-2018-6621-04420188", "signature_version": "v1" } ]