FFmpeg contains a flaw in the Vorbis decoder within the 'vorbis_parse_setup_hdr_floors' function [vorbis_dec.c]. The issue is triggered as user-supplied input is not properly sanitized when processing the channel floor value. With a specially crafted WebM file, a context-dependent attacker can corrupt memory to cause a denial of service or potentially execute arbitrary code.
Loss of Integrity
Upgrade to version 0.6.90-rc0 (FFmpeg), 8.0.552.237 (Chrome), 8.0.552.344 (Chrome OS) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.