This update for ffmpeg fixes the following issues: - CVE-2018-13300: An improper argument passed to the avpriv_request_sample function may have triggered an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure - CVE-2018-15822: The flv_write_packet function did not check for an empty audio packet, leading to an assertion failure and DoS - CVE-2018-13305: Due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service. - CVE-2018-12458: An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c might have triggered an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service. .