Denial of Service Vulnerability in FFmpeg HLS Playlist Parsing
CVE-2023-6603

7.5HIGH

Key Information:

Vendor: Ffmpeg
Status
Vendor: CVE Published:; 31 December 2024

What is CVE-2023-6603?

A vulnerability exists within FFmpeg's HLS playlist parsing mechanism that allows a specially crafted HLS playlist to cause a denial of service. This occurs through a null pointer dereference during the initialization process, which can be exploited by malicious users to disrupt the functionality of applications utilizing this feature. Users are recommended to apply the latest security patches to mitigate this issue, ensuring continued protection against potential exploitation.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2334335

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 31, 2024
Vulnerability Reserved
Dec 8, 2023

Ffmpeg

What is CVE-2023-6603?

References

CVSS V3.1

Timeline