CVE-2017-11719 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11719): The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file.
References:
Commit in master branch: https://github.com/FFmpeg/FFmpeg/commit/296debd213bd6dce7647cedd34eb64e5b94cdc92
Commit in release/3.3 branch: https://github.com/FFmpeg/FFmpeg/commit/47c0626ec721749b28df1c61c481e318e50058e4
3.2.6 is vulnerable, and probably older versions too.
3.3.3 has the fix and can go stable.
note: 3.3.3 can go stable; but bug #626414 is not yet fixed
(In reply to Alexis Ballier from comment #2)
> note: 3.3.3 can go stable; but bug #626414 is not yet fixed
bug #627220 I mean
GLSA Vote: No
Cleanup handled in bug #630460