FFmpeg is vulnerable to denial of service (DoS) and possibly other attacks. These attacks are possible because utils.c removes a codec ID when enforcing alignment. This allows attackers to cause an out-of-bounds access error through JV data.
git.videolan.org/?p=ffmpeg.git;a=commit;h=105654e376a736d243aef4a1d121abebce912e6b
www.ffmpeg.org/security.html
www.ubuntu.com/usn/USN-2534-1
git.videolan.org/?p=ffmpeg.git;a=commit;h=105654e376a736d243aef4a1d121abebce912e6b
lists.debian.org/debian-lts-announce/2019/02/msg00005.html
security.gentoo.org/glsa/201603-06
www.ffmpeg.org/security.html