Buffer Overflow Vulnerability in FFmpeg Affects Remote Code Execution
CVE-2023-47470

7.8HIGH

Key Information:

Vendor: Ffmpeg
Status: Ffmpeg
Vendor: CVE Published:; 16 November 2023

What is CVE-2023-47470?

A buffer overflow vulnerability exists in FFmpeg, particularly within the ref_pic_list_struct function in libavcodec/evc_ps.c. This flaw allows remote attackers to perform an out-of-array write, which can lead to arbitrary code execution and denial of service (DoS). The vulnerability affects all versions of FFmpeg prior to a specific GitHub commit, necessitating immediate attention from users to ensure system integrity and security.

References

https://github.com/FFmpeg/FFmpeg/commit/4565747056a113562...

https://patchwork.ffmpeg.org/project/ffmpeg/patch/2023091...

https://github.com/goldds96/Report/tree/main/FFmpeg

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 16, 2023
Vulnerability Reserved
Nov 6, 2023

Ffmpeg

What is CVE-2023-47470?

References

CVSS V3.1

Timeline