FFmpeg contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition.
The vulnerability is due to an integer overflow error when processing Video and Music Data (VMD) files. An unauthenticated, remote attacker could exploit this vulnerability by creating a crafted VMD file and convincing a targeted user to process the file using the affected software. If the user processes or views the file, an integer overflow could occur, leading to a heap-based buffer overflow that is exploitable for code execution. An exploit could also cause a crash of the application, resulting in a DoS condition.
FFmpeg has confirmed this vulnerability in the git repository, but stable updated software is not currently available.