The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 4.0.2 does not check for an empty audio packet, leading to an assertion failure. https://nvd.nist.gov/vuln/detail/CVE-2018-15822