CVE-2018-13303

Name of the Vulnerable Software and Affected Versions FFmpeg version 4.0.1

Description The issue is related to a missing check for failure of a call to init get bits8() in the avpriv ac3 parse header function in libavcodec/ac3 parser.c. This may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service. The vulnerability can be exploited by a remote attacker using a specially crafted AVI file, resulting in a denial of service.

Recommendations For FFmpeg version 4.0.1, consider updating to a newer version that addresses this issue, as the current version may allow a denial of service attack through a crafted AVI file. At the moment, there is no information about a newer version that contains a fix for this vulnerability.