Buffer Overflow Vulnerability in FFmpeg Allows Arbitrary Code Execution and Denial of Service
CVE-2023-49528

8HIGH

Key Information:

Vendor

FFmpeg

Status
Ffmpeg
Vendor
CVE Published:
12 April 2024

What is CVE-2023-49528?

A buffer overflow vulnerability has been detected in FFmpeg, specifically in the de_stereo component within the af_dialoguenhance.c file. This issue may allow an attacker with local access to the system to execute arbitrary code, potentially leading to a denial of service. Users of FFmpeg version n6.1-3-g466799d4f5 should assess their environment for potential exploitation scenarios and apply necessary patches or updates to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://trac.ffmpeg.org/ticket/10691
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.