The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors.
cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:* versions up to 1.1.13 (inclusive)
cpe:2.3:a:libav:libav:*:*:*:*:*:*:*:* versions up to 10.4 (inclusive)