FFmpeg · Ffmpeg · CVE-2022-3964
**Name of the Vulnerable Software and Affected Versions**
ffmpeg (affected versions not specified)
**Description**
A problematic vulnerability has been found in ffmpeg, in the QuickTime RPZA Video Encoder component (file `libavcodec/rpzaenc.c`). Manipulating the argument `y size` leads to an out-of-bounds read. The issue can be exploited remotely, potentially allowing an attacker to access confidential data and cause a denial of service.
**Recommendations**
To fix this issue, apply the patch named `92f9b28ed84a77138105475beba16c146bdaf984`. As a temporary workaround, consider restricting access to the vulnerable QuickTime RPZA Video Encoder component until the patch is applied. Avoid using the argument `y size` in the affected file `libavcodec/rpzaenc.c` to minimize the risk of exploitation.
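One way to check a host against the recommendations above, as an added example that is not part of the original advisory or of FFmpeg's own tooling: it tests whether an ffmpeg binary exposes the `rpza` encoder and whether a source checkout contains the patch named above. The function names, the constructed sample listing and the paths passed in are assumptions, and the patch name is treated as a commit hash in the FFmpeg git history.

```shell
#!/bin/sh
# Patch name quoted in the advisory, treated here as a git commit hash.
FIX_COMMIT=92f9b28ed84a77138105475beba16c146bdaf984

# Constructed sample of `ffmpeg -hide_banner -encoders` output (not real output).
SAMPLE_ENCODERS=' V....D rawvideo             raw video
 V....D rpza                 QuickTime video (RPZA)
 A....D pcm_s16le            PCM signed 16-bit little-endian'

# Reads an encoder listing on stdin; succeeds if a video encoder
# named exactly "rpza" is listed.
rpza_encoder_listed() {
    awk '$1 ~ /^V/ && $2 == "rpza" { found = 1 } END { exit !found }'
}

# Succeeds if the git checkout in $1 has the fix commit in HEAD's history.
# Backports to release branches carry different hashes, so a failure
# means "not confirmed patched", not "confirmed vulnerable".
fix_commit_in_history() {
    git -C "$1" merge-base --is-ancestor "$FIX_COMMIT" HEAD 2>/dev/null
}

# Audits one binary ($1) and, optionally, the source tree it was built from ($2).
# Returns 0 = no action needed, 1 = needs review, 2 = binary not found.
audit_ffmpeg() {
    bin=$1
    src=${2:-}
    if ! command -v "$bin" >/dev/null 2>&1; then
        echo "SKIP: $bin not found"
        return 2
    fi
    if ! "$bin" -hide_banner -encoders 2>/dev/null | rpza_encoder_listed; then
        echo "OK: $bin does not expose the rpza encoder"
    elif [ -n "$src" ] && fix_commit_in_history "$src"; then
        echo "OK: rpza encoder present, fix commit found in $src"
    else
        echo "REVIEW: rpza encoder present, fix not confirmed"
        return 1
    fi
}

# Run the audit only when arguments are given: script.sh <ffmpeg-binary> [source-dir]
[ $# -eq 0 ] || audit_ffmpeg "$@"
```

A build configured with FFmpeg's `--disable-encoder=rpza` option does not include the encoder, which is one way to apply the temporary workaround until the patch is in place.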