Buffer Overflow Vulnerability in Ffmpeg Allows Arbitrary Code Execution
CVE-2023-49501

8HIGH

Key Information:

Vendor: Ffmpeg
Status: Ffmpeg
Vendor: CVE Published:; 19 April 2024

What is CVE-2023-49501?

A buffer overflow vulnerability exists in FFmpeg that allows a local attacker to execute arbitrary code. This is due to improper handling of data within the config_eq_output function found in the libavfilter/asrc_afirsrc.c component, specifically at line 495. By exploiting this vulnerability, attackers can gain unauthorized access and potentially compromise the integrity and security of affected systems.

References

https://github.com/FFmpeg/FFmpeg

https://trac.ffmpeg.org/ticket/10686#no1

https://trac.ffmpeg.org/ticket/10686

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 19, 2024

CVE-2023-49501 Data

JSON