The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "294836802028254104437015519727142575903", "329944762376806700361291339240494798822", "320298714614336043866888945378643631563", "59044922675942639841070301700479117755" ] }, "signature_type": "Line", "source": "https://github.com/ffmpeg/ffmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb", "signature_version": "v1", "target": { "file": "libavcodec/mpeg4videodec.c" }, "deprecated": false, "id": "CVE-2019-11339-aa5b60c2" }, { "digest": { "function_hash": "312495717718519555182595270957768899859", "length": 1782.0 }, "signature_type": "Function", "source": "https://github.com/ffmpeg/ffmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb", "signature_version": "v1", "target": { "file": "libavcodec/mpeg4videodec.c", "function": "decode_studio_vop_header" }, "deprecated": false, "id": "CVE-2019-11339-b21214eb" } ] }