{
  "modified": "2025-08-09T19:01:26Z",
  "published": "2014-11-05T11:55:08Z",
  "id": "CVE-2014-8549",
  "details": "libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted On2 data.",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://security.gentoo.org/glsa/201603-06"
    },
    {
      "type": "WEB",
      "url": "http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=550f3e9df3410b3dd975e590042c0d83e20a8da3"
    },
    {
      "type": "WEB",
      "url": "http://www.ffmpeg.org/security.html"
    }
  ]
}
