JLSEC-2025-118
- Source
- https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2025/JLSEC-2025-118.md
- Import Source
- https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-118.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/JLSEC-2025-118
- Upstream
- Published
- 2025-10-19T19:08:53.760Z
- Modified
- 2025-11-03T00:19:03.779640Z
- Summary
- adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return...
- Details
-
adtsdecodeextradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the initgetbits return value, which is a necessary step because the second argument to initgetbits can be crafted.
- Database specific
{ "license": "CC-BY-4.0", "sources": [ { "id": "CVE-2021-38171", "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-38171", "imported": "2025-10-18T14:07:17.165Z", "published": "2021-08-21T17:15:07.700Z", "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38171", "modified": "2024-11-21T06:16:33.257Z" } ] }- References
-
- https://github.com/FFmpeg/FFmpeg/commit/9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6
- https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html
- https://patchwork.ffmpeg.org/project/ffmpeg/patch/AS8P193MB12542A86E22F8207EC971930B6F19%40AS8P193MB1254.EURP193.PROD.OUTLOOK.COM/
- https://security.gentoo.org/glsa/202312-14
- https://www.debian.org/security/2021/dsa-4990
- https://www.debian.org/security/2021/dsa-4998