PT-2018-3989 · FFmpeg+1 · Ffmpeg+1

Published: 2018-12-22 · Updated: 2026-02-06 · CVE-2019-1000016

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: FFMPEG version 4.1

Description: The issue is caused by improper validation of array indices in the libavcodec/cbs_av1.c component of the FFmpeg library. It can be exploited by providing a specially crafted AV1 file as input, potentially leading to a denial of service.

Recommendations: For FFMPEG version 4.1, update to a version that includes the fix committed after b97a4b658814b2de8b9f2a3bce491c002d34de31. As a temporary workaround, consider restricting the use of the libavcodec/cbs_av1.c component when processing AV1 files until a patch is available.

Fix

DoS

Improper Validation of Array Index


Weakness Enumeration

Related Identifiers

ALT-PU-2019-1275
BDU:2024-09049
CLEANSTART-2026-EZ98723
CLEANSTART-2026-PS82605
CLEANSTART-2026-XE32069
CVE-2019-1000016

Affected Products

Alt Linux
Ffmpeg