CVE-2019-12730

aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables.

Date published : 2019-06-04

http://www.securityfocus.com/bid/109317

https://seclists.org/bugtraq/2019/Aug/30