A vulnerability in FFmpeg could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.
The vulnerability is due to improper memory operations performed by the ff_htmlmarkup_to_ass() function, as defined in the libavcodec/htmlsubtitles.c source code file of the affected software. An attacker could exploit this vulnerability by persuading a user to open a crafted video file in Matroska format that submits malicious input to the targeted system. A successful exploit could cause an out-of-bounds read condition in the subtitle decoder, which could result in a DoS condition.
FFmpeg has confirmed the vulnerability and released software updates.
Security Impact Rating: Medium