Chen Hongxu

Name of the Vulnerable Software and Affected Versions: FFmpeg versions through 2.8 Description: The issue is related to the `flv write packet` function in the FFmpeg library, which lacks a check for an empty audio packet. This can lead to an assertion failure. Exploitation of this issue may allow a remote attacker to cause a denial of service. Recommendations: For FFmpeg versions through 2.8, consider updating to a version that includes a fix for this issue, as the current version may allow for a denial of service attack due to the lack of checking for empty audio packets in the `flv write packet` function.

**Name of the Vulnerable Software and Affected Versions** FFmpeg versions 3.2 through 4.0.2 **Description** The issue allows attackers to cause a denial of service, resulting in an application crash due to a divide-by-zero error, when a user-crafted audio file is converted to the MOV audio format. **Recommendations** For FFmpeg version 3.2, update to a version later than 3.2 to resolve the issue. For FFmpeg version 4.0.2, update to a version later than 4.0.2 to resolve the issue. As a temporary workaround, consider avoiding the conversion of user-crafted audio files to the MOV audio format until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FFmpeg versions prior to 4.0.2 **Description** The issue is related to a divide-by-zero error in the libavformat/movenc.c component of the FFmpeg library, which can be triggered by a user-crafted Waveform audio file. This can cause a denial of service, resulting in an application crash. The vulnerability is associated with a lack of division by zero checking, allowing a remote attacker to exploit it and cause a service disruption. **Recommendations** For versions prior to 4.0.2, update to version 4.0.2 or later to resolve the issue. As a temporary workaround, consider avoiding the use of user-crafted Waveform audio files until the update is applied.