ffmpeg is vulnerable to remote code execution. The size calculation in build_open_gop_key_points()
goes through all entries in the loop and adds sc->ctts_data[i].count
to sc->sample_offsets_count
leading to an integer overflow resulting in a small allocation with av_calloc()
, which allows an attacker to upload and execute malicious code on the system under attack.