A vulnerability in FFmpeg could allow an unauthenticated, remote attacker to access sensitive information on a targeted system.
The vulnerability is due to improper handling of uninitialized variables by the aa_read_header function, which is defined in the libavformat/aadec.c source code file of the affected software. An attacker could exploit this vulnerability by submitting a crafted file to the targeted system. A successful exploit could allow the attacker to access sensitive information, which could be used to conduct further attacks.
FFmpeg has confirmed this vulnerability and released a software patch.
Security Impact Rating: Medium