ffmpeg is vulnerable to arbitrary code execution. Mishandling of empty sprop-parameter-sets values in the sdp_parse_fmtp_config_h264
function in libavformat/rtpdec_h264.c
leads to heap buffer overflow and allows a remote attacker to cause a denial of service and execute arbitrary code a malicious sdp file.
CPE | Name | Operator | Version |
---|---|---|---|
ffmpeg:3.4 | eq | 3.0.7-r0 | |
ffmpeg:3.4 | eq | 3.0.7-r0 |