The cavsidct8addc function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavsdecode.
{ "urgency": "not yet assigned" }