Buffer Overflow Vulnerability in FFmpeg Allows Arbitrary Code Execution
CVE-2023-50009

8 HIGH

Key Information:

Vendor: FFmpeg

Status
Vendor
CVE Published: 19 April 2024

What is CVE-2023-50009?

A buffer overflow vulnerability has been identified in FFmpeg, specifically within the ff_gaussian_blur_8 function in the libavfilter/edge_template.c component. This vulnerability permits local attackers to exploit the flaw to execute arbitrary code, potentially compromising system integrity. Users of affected versions are strongly advised to review the security advisories and apply necessary updates to mitigate risk.

CVSS V3.1

Score: 8
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
