The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2
does not initialize certain context data, which allows remote attackers to
cause a denial of service (segmentation violation) or possibly have
unspecified other impact via crafted Apple Lossless Audio Codec (ALAC)
data.
Author | Note |
---|---|
mdeslaur | libav in precise doesn’t look vulnerable |
ebarretto | as of 2018-09-27, no equivalent fix in libav |