CVE-2008-3230 — Improper Input Validation in Ffmpeg

CWE-20 — Improper Input Validation4 documents4 sources

Severity

1.9LOWNVD

EPSS

0.1%

top 68.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Debian Ffmpeg

Timeline

PublishedJul 18

Latest updateMay 1

Description

The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of service (application crash) via a crafted GIF file, possibly related to gstreamer, as demonstrated by lol-giftopnm.gif.

CVSS vector

AV:L/AC:M/C:N/I:N/A:PExploitability: 3.4 | Impact: 2.9

Affected Packages2 packages

▶debiandebian/ffmpeg< ffmpeg 0.svn20080206-16 (bookworm)

▶Debianffmpeg/ffmpeg< 0.svn20080206-16+3

🔴Vulnerability Details

GHSA

GHSA-2h3w-9mqf-3gfh: The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of service (application crash) via a crafted GIF file, possibly related to gs↗2022-05-01

▶

OSV

CVE-2008-3230: The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of service (application crash) via a crafted GIF file, possibly related to gs↗2008-07-18

▶

📋Vendor Advisories

Debian

CVE-2008-3230: ffmpeg - The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of serv...↗2008

▶