FFmpeg · Ffmpeg · CVE-2021-38171
**Name of the Vulnerable Software and Affected Versions**
FFmpeg version 4.4
**Description**
The issue lies in the `adts_decode_extradata` function in `libavformat/adtsenc.c`, the ADTS muxer of the FFmpeg library. The function calls `init_get_bits` on the stream's AAC extradata (the AudioSpecificConfig it copies into the ADTS header) but does not check the return value. That check is necessary because the second argument to `init_get_bits`, the extradata buffer taken from the input being muxed, can be crafted by an attacker: when `init_get_bits` rejects it (NULL buffer or out-of-range bit size) it leaves the bit reader empty, yet the function goes on to read from it. A remote attacker who can supply the media being muxed could use this to access confidential data, compromise its integrity, and cause a denial of service.
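The following is an added illustration of the pattern behind this CVE, not FFmpeg's own code: it models libavcodec's `GetBitContext`, `init_get_bits` and `get_bits` just far enough to show the vulnerable shape (return value dropped) beside the fixed shape (return value propagated). The `AscHeader` struct, the two `decode_extradata_*` functions and the overflow guard on `size * 8` are assumptions made here for the example; the sample two-byte AudioSpecificConfig is constructed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration of the CVE-2021-38171 pattern. This is not FFmpeg's code:
 * it is a reduced, stand-alone model of libavcodec's GetBitContext, written so
 * the failure mode can be shown in isolation. Names follow FFmpeg's. */
#define AVERROR_INVALIDDATA (-1094995529)      /* FFmpeg's FFERRTAG('I','N','D','A') */
#define AV_INPUT_BUFFER_PADDING_SIZE 64
#define FFMAX(a, b) ((a) > (b) ? (a) : (b))

typedef struct GetBitContext {
    const uint8_t *buffer;
    int index;          /* current bit position */
    int size_in_bits;
} GetBitContext;

/* Same contract as FFmpeg's init_get_bits(): a NULL buffer or an out-of-range
 * bit size makes it return AVERROR_INVALIDDATA *and* leave the reader pointing
 * at NULL with size 0. The caller has to look at the return value. */
static int init_get_bits(GetBitContext *s, const uint8_t *buffer, int bit_size)
{
    int ret = 0;
    if (bit_size >= INT_MAX - FFMAX(7, AV_INPUT_BUFFER_PADDING_SIZE * 8) ||
        bit_size < 0 || !buffer) {
        bit_size = 0;
        buffer   = NULL;
        ret      = AVERROR_INVALIDDATA;
    }
    s->buffer       = buffer;
    s->index        = 0;
    s->size_in_bits = bit_size;
    return ret;
}

/* MSB-first reader. Like FFmpeg's cached reader it fetches from the buffer
 * without a bounds check and relies on AV_INPUT_BUFFER_PADDING_SIZE bytes of
 * padding after the data; with a NULL buffer this is a NULL dereference. */
static unsigned get_bits(GetBitContext *s, int n)
{
    unsigned v = 0;
    for (int i = 0; i < n; i++, s->index++)
        v = (v << 1) | ((s->buffer[s->index >> 3] >> (7 - (s->index & 7))) & 1);
    return v;
}

/* The three leading AudioSpecificConfig fields that adtsenc.c copies into the
 * ADTS header: audioObjectType (5 bits), samplingFrequencyIndex (4 bits),
 * channelConfiguration (4 bits). Hypothetical struct, not FFmpeg's ADTSContext. */
typedef struct AscHeader { int objecttype, sample_rate_index, channel_conf; } AscHeader;

/* Vulnerable shape: the result of init_get_bits() is dropped, so crafted
 * (NULL or oversized) extradata flows straight into get_bits(). */
static int decode_extradata_unchecked(AscHeader *h, const uint8_t *buf, int size)
{
    GetBitContext gb;
    init_get_bits(&gb, buf, size * 8);
    h->objecttype        = (int)get_bits(&gb, 5) - 1;
    h->sample_rate_index = (int)get_bits(&gb, 4);
    h->channel_conf      = (int)get_bits(&gb, 4);
    return 0;
}

/* Fixed shape: propagate the error before touching the reader. The size*8
 * overflow guard is an extra belt-and-braces check added for this example. */
static int decode_extradata_checked(AscHeader *h, const uint8_t *buf, int size)
{
    GetBitContext gb;
    int ret;
    if (size < 0 || size > INT_MAX / 8)
        return AVERROR_INVALIDDATA;
    ret = init_get_bits(&gb, buf, size * 8);
    if (ret < 0)
        return ret;
    h->objecttype        = (int)get_bits(&gb, 5) - 1;
    h->sample_rate_index = (int)get_bits(&gb, 4);
    h->channel_conf      = (int)get_bits(&gb, 4);
    return 0;
}

/* Constructed sample: AAC-LC (AOT 2), 44.1 kHz (index 4), stereo (config 2),
 * i.e. the common two-byte AudioSpecificConfig 0x12 0x10, plus padding. */
static const uint8_t sample_asc[2 + AV_INPUT_BUFFER_PADDING_SIZE] = { 0x12, 0x10 };

int main(void)
{
    AscHeader h;
    int ret;

    decode_extradata_checked(&h, sample_asc, 2);
    printf("valid extradata: aot-1=%d sr_index=%d channels=%d\n",
           h.objecttype, h.sample_rate_index, h.channel_conf);

    ret = decode_extradata_checked(&h, NULL, 2);
    printf("NULL extradata: checked decoder returns %d\n", ret);
    /* decode_extradata_unchecked(&h, NULL, 2) would dereference NULL here. */
    return 0;
}
```

The point of the model is the contract of `init_get_bits`: it does not abort on bad input, it reports the failure through its return value and neutralises the reader. Any caller that ignores that value, as `adts_decode_extradata` did, turns an attacker-controlled buffer or length into reads through a NULL pointer.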
**Recommendations**
For FFmpeg version 4.4, the fix is a return-value check: `adts_decode_extradata` must test the result of `init_get_bits` and return the error instead of reading from a bit reader that failed to initialise. Apply that change to your build and rebuild; at the moment there is no information about a newer version that contains a fix for this vulnerability, so verify the state of your distribution's FFmpeg package rather than relying on a version number. Until the fix is in place, do not remux untrusted input to ADTS (the `adts` muxer is selected, for example, when writing `.aac` output with `-c:a copy`), because the extradata it parses comes straight from the input. Disabling the function or restricting access to the `libavformat/adtsenc.c` source file is not a meaningful mitigation; the exposure is any code path that feeds attacker-supplied AAC extradata into the ADTS muxer. Application code that calls `init_get_bits` directly on external data should likewise check its return value.