block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based buffer over-read. CREATE(Triage): {Link=https://nvd.nist.gov/vuln/detail/CVE-2019-13312 User=admin}