FFmpeg · Ffmpeg · CVE-2021-33815
**Name of the Vulnerable Software and Affected Versions**
FFmpeg version 4.4
**Description**
The issue is in the `dwa_uncompress` function in the `libavcodec/exr.c` component of the FFmpeg multimedia library. The function checks `dc_count` incorrectly, which can lead to an out-of-bounds array access. This could allow a remote attacker to access confidential data, compromise data integrity, and cause a denial of service.
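The bug class described above, as an added example that is not FFmpeg's code: a simplified model in which a header-supplied count is compared against a coarse bound instead of the exact number of slots the decoder allocated. The block layout (one DC value per 8x8 block for each of three channels), the function names and the sample sizes are assumptions for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model, not FFmpeg code. Assumed layout: one DC value per
 * 8x8 block for each of 3 channels, in a buffer sized from w and h. */
#define BLOCK 8
#define CHANNELS 3

/* Number of DC slots actually allocated for a w x h tile. */
static int64_t dc_slots(int w, int h)
{
    int64_t bw = ((int64_t)w + BLOCK - 1) / BLOCK;
    int64_t bh = ((int64_t)h + BLOCK - 1) / BLOCK;
    return bw * bh * CHANNELS;
}

/* Weak check (constructed): coarse pixel-count bound, far above the slots. */
static int dc_count_ok_loose(int64_t dc_count, int w, int h)
{
    return dc_count >= 0 && dc_count <= (int64_t)w * h;
}

/* Strict check: the declared count must equal the allocated slots. */
static int dc_count_ok_strict(int64_t dc_count, int w, int h)
{
    return w > 0 && h > 0 && dc_count == dc_slots(w, h);
}

/* Copies the declared values into dst (dc_slots(w, h) entries) only after
 * the strict check; returns the count copied, or -1 if rejected. */
static int64_t load_dc(uint16_t *dst, const uint16_t *src, size_t src_len,
                       int64_t dc_count, int w, int h)
{
    if (!dc_count_ok_strict(dc_count, w, h) || (uint64_t)dc_count > src_len)
        return -1;
    for (int64_t i = 0; i < dc_count; i++)
        dst[i] = src[i];
    return dc_count;
}

int main(void)
{
    uint16_t src[256] = {0}, dst[12];   /* constructed input, 16x16 tile */
    printf("slots=%lld loose=%d strict=%d\n", (long long)dc_slots(16, 16),
           dc_count_ok_loose(200, 16, 16), dc_count_ok_strict(200, 16, 16));
    printf("load(200)=%lld\n", (long long)load_dc(dst, src, 256, 200, 16, 16));
    return 0;
}
```

For the constructed 16x16 tile, a declared count of 200 passes the loose bound even though only 12 slots exist; the strict comparison rejects it before any indexing happens.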
**Recommendations**
For FFmpeg version 4.4, consider disabling the `dwa_uncompress` function in `libavcodec/exr.c` as a temporary workaround until a patch is available. Restrict access to the `libavcodec/exr.c` component to minimize the risk of exploitation. Avoid using the `dc_count` variable in the affected function until the issue is resolved.