CVE-2017-16803 (https://nvd.nist.gov/vuln/detail/CVE-2017-16803): In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a crafted Smacker stream.
Upstream Fix: https://github.com/libav/libav/commit/cd4663dc80323ba64989d0c103d51ad3ee0e9c2f
@maintainer(s), noting 12.1 in tree. In case of bump, please call for stabilization, thank you.
Gentoo Security Padawan (jmbailey/mbailey_j)
@ Arches, please test and mark stable: =media-video/libav-12.3
amd64 stable
Stable on alpha.
ia64 stable
x86 stable
ppc stable
ppc64 stable
sparc stable
hppa stable
arm stable and security cleanup done
This issue was resolved and addressed in GLSA 201811-19 at https://security.gentoo.org/glsa/201811-19 by GLSA coordinator Aaron Bauman (b-man).