CVE-2019-11339

Name of the Vulnerable Software and Affected Versions FFmpeg versions 4.0 through 4.0.3 FFmpeg versions 4.1 through 4.1.1

Description The issue is related to the studio profile decoder in the libavcodec/mpeg4videodec.c file, which allows remote attackers to cause a denial of service or possibly have other impacts via crafted MPEG-4 video data. The vulnerability is also described as being related to the mpeg4 decode studio block() function, which is associated with out-of-array access due to buffer boundary reading issues. This can be exploited by an attacker using specially crafted MPEG-4 video data to cause a denial of service.

Recommendations For FFmpeg versions 4.0 through 4.0.3, update to version 4.0.4 or later. For FFmpeg versions 4.1 through 4.1.1, update to version 4.1.2 or later.