CVE-2020-18775

Name of the Vulnerable Software and Affected Versions: Libav version 12.3

Description: The issue is a heap-based buffer over-read in the vc1 decode b mb intfi function in vc1 block.c, which can be exploited by an attacker to cause a denial-of-service via a crafted file.

Recommendations: For Libav version 12.3, consider disabling the vc1 decode b mb intfi function as a temporary workaround until a patch is available. Restrict access to crafted files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.