ffmpeg is vulnerable to denial of service. The flv_write_packet
function in libavformat/flvenc.c
does not check for an empty audio packet, leading to an assertion failure.
github.com/FFmpeg/FFmpeg/commit/6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10
github.com/FFmpeg/FFmpeg/commit/d8ecb335fe4852bbc172c7b79e66944d158b4d92
lists.debian.org/debian-lts-announce/2019/05/msg00043.html
seclists.org/bugtraq/2019/May/60
usn.ubuntu.com/3967-1/
usn.ubuntu.com/4431-1/
www.debian.org/security/2019/dsa-4449