FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution.
Patch at $URL but seems it's not part of any tag yet.
It is in just released 4.4.
(In reply to jospezial from comment #1)
> It is in just released 4.4.
Thanks! Maintainers, please bump.
media-video/ffmpeg: bump to 4.4
(In reply to jospezial from comment #4)
> media-video/ffmpeg: bump to 4.4
New GLSA request filed.
This issue was resolved and addressed in
GLSA 202105-24 at https://security.gentoo.org/glsa/202105-24
by GLSA coordinator Thomas Deutschmann (whissi).
Re-opening for remaining architecture.
All arches done.