{"id":"JLSEC-2025-118","summary":"adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return...","details":"adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted.","modified":"2025-11-03T00:19:03.779640Z","published":"2025-10-19T19:08:53.760Z","upstream":["CVE-2021-38171"],"database_specific":{"license":"CC-BY-4.0","sources":[{"imported":"2025-10-18T14:07:17.165Z","id":"CVE-2021-38171","modified":"2024-11-21T06:16:33.257Z","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-38171","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-38171","published":"2021-08-21T17:15:07.700Z"}]},"references":[{"type":"WEB","url":"https://github.com/FFmpeg/FFmpeg/commit/9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html"},{"type":"WEB","url":"https://patchwork.ffmpeg.org/project/ffmpeg/patch/AS8P193MB12542A86E22F8207EC971930B6F19%40AS8P193MB1254.EURP193.PROD.OUTLOOK.COM/"},{"type":"WEB","url":"https://security.gentoo.org/glsa/202312-14"},{"type":"WEB","url":"https://www.debian.org/security/2021/dsa-4990"},{"type":"WEB","url":"https://www.debian.org/security/2021/dsa-4998"}],"affected":[{"package":{"name":"FFMPEG_jll","ecosystem":"Julia","purl":"pkg:julia/FFMPEG_jll?uuid=b22a6f82-2f65-5046-a5b2-351ab43fb4e5"},"ranges":[{"type":"SEMVER","events":[{"introduced":"4.4.0+0"},{"fixed":"4.4.2+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-118.json"}}],"schema_version":"1.7.3"}