Source: ffmpeg
Version: 7:4.1.3-1
Severity: important
Tags: security upstream fixed-upstream

Hi,

The following vulnerability was published for ffmpeg, it is fixed in
the 4.4.1 release (and was previously fixed already in 3.2 series and
thus was already included in DSA-4449-1).

CVE-2019-12730[0]:
| aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x
| before 4.1.4 does not check for sscanf failure and consequently allows
| use of uninitialized variables.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-12730
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12730
[1] https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/9b4004c054964a49c7ba44583f4cee22486dd8f2
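
The bug class named in the CVE description (an unchecked sscanf leaving its output variables unwritten), shown beside the checked form, as an added example that is not part of the original report and is not FFmpeg's code. The function names, the four-word key layout and the sample strings are assumptions constructed for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define KEY_WORDS 4           /* hypothetical: four 32-bit words in one field */
#define SENTINEL  0xDEADBEEFu /* stands in for "whatever was on the stack" */
#define KEY_FMT   "%" SCNu32 "%" SCNu32 "%" SCNu32 "%" SCNu32

/* Unchecked: return value dropped, so a short field leaves key[] partly unwritten. */
static void parse_key_unchecked(const char *val, uint32_t key[KEY_WORDS])
{
    (void)sscanf(val, KEY_FMT, &key[0], &key[1], &key[2], &key[3]);
}

/* Checked pattern: parse into a zeroed temporary and commit only when all
 * conversions succeeded. Returns 0 on success, -1 otherwise (key untouched). */
static int parse_key_checked(const char *val, uint32_t key[KEY_WORDS])
{
    uint32_t tmp[KEY_WORDS] = {0};
    int n = sscanf(val, KEY_FMT, &tmp[0], &tmp[1], &tmp[2], &tmp[3]);
    if (n != KEY_WORDS)       /* also catches EOF (-1) on empty input */
        return -1;
    memcpy(key, tmp, sizeof tmp);
    return 0;
}

/* Counts how many words the unchecked parser never wrote. The buffer is
 * pre-filled with SENTINEL so the demo itself has defined behaviour. */
static int words_left_unwritten(const char *val)
{
    uint32_t key[KEY_WORDS];
    int i, unwritten = 0;
    for (i = 0; i < KEY_WORDS; i++)
        key[i] = SENTINEL;
    parse_key_unchecked(val, key);
    for (i = 0; i < KEY_WORDS; i++)
        unwritten += (key[i] == SENTINEL);
    return unwritten;
}

int main(void)
{
    const char *samples[] = { "1 2 3 4", "1 2", "1 2 x 4", "" }; /* constructed */
    uint32_t key[KEY_WORDS] = {0};
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("\"%s\": unwritten=%d checked=%d\n", samples[i],
               words_left_unwritten(samples[i]), parse_key_checked(samples[i], key));
    return 0;
}
```

Comparing the sscanf return value against the number of conversions requested is what separates the two parsers; zero-initialising the destination alone would hide the truncated input rather than reject it.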