libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.

libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) "len==0 cases."