The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.
[ { "signature_type": "Function", "id": "CVE-2018-6621-04420188", "source": "https://github.com/ffmpeg/ffmpeg/commit/22aa37c0fedf14531783189a197542a055959b6c", "signature_version": "v1", "target": { "function": "decode_frame", "file": "libavcodec/utvideodec.c" }, "digest": { "function_hash": "118628482742309640807246975102458427469", "length": 6485.0 }, "deprecated": false } ]