Bingchang

**Name of the Vulnerable Software and Affected Versions** FFmpeg versions prior to 3.3.4 **Description** The issue is related to the handling of empty sprop-parameter-sets values in the sdp parse fmtp config h264 function, which can lead to a denial of service (heap buffer overflow) or possibly have other unspecified impacts. This can be triggered by remote attackers via a crafted sdp file. **Recommendations** For versions prior to 3.3.4, update to version 3.3.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** jasper versions prior to 2.0.0 **Description** A heap-buffer overflow issue was discovered in the QMFB code of the JPC codec. This is caused by the buffer being allocated with a size that is too small. **Recommendations** For versions prior to 2.0.0, update to version 2.0.0 or later to resolve the issue.