A vulnerability was found in FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer. References: https://trac.ffmpeg.org/ticket/8093
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-15942
Closed as NOTABUG as affected functionality is not present in qffmpeg as shipped with Red Hat Enterprise Linux 5.