It seems like the fix for this issue are the changes applied by commit 4adb93df [0]. The function where this fix is applied (config_eq_output), however, was only introduced when the changes from commit 19148a5b [1] were introduced as well: in version 6.1 of FFmpeg. This means that versions 6.0 and earlier are not affected by this issue, as the vulnerable code is not present. [0] https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/4adb93dff05dd947878c67784d98c9a4e13b57a7 [1] https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/19148a5b9f44bed660258a5896d1d12d77d3d9ab