CVE-2019-9718 (https://nvd.nist.gov/vuln/detail/CVE-2019-9718): In FFmpeg 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.

CVE-2019-9721 (https://nvd.nist.gov/vuln/detail/CVE-2019-9721): A denial of service in the subtitle decoder in FFmpeg 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.

CVE-2019-11338 (https://nvd.nist.gov/vuln/detail/CVE-2019-11338): libavcodec/hevcdec.c in FFmpeg 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.
Package was stabilized through bug 689422. GLSA Vote: No! Repository is clean, all done!