CVE-2018-12459

Name of the Vulnerable Software and Affected Versions FFmpeg version 4.0

Description The issue is related to an inconsistent bits-per-sample value in the ff mpeg4 decode picture header function, which may trigger an assertion violation when converting a crafted AVI file to MPEG4. This can lead to a denial of service. The vulnerability is caused by insufficient input validation, allowing a remote attacker to exploit it using a specially crafted AVI file.

Recommendations For FFmpeg version 4.0, consider updating to a newer version that addresses this issue, as the current version may allow for a denial of service attack when processing crafted AVI files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.