CVE-2023-46407 — Out-of-bounds Read in Ffmpeg

CWE-125 — Out-of-bounds Read4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 92.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Debian Ffmpeg

Timeline

PublishedOct 27

Description

FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶Ubuntuffmpeg/ffmpeg< 7:6.1.1-3ubuntu5+1

▶NVDffmpeg/ffmpeg6.1

▶debiandebian/ffmpeg

Patches

Patch: github.com ↗Patch: patchwork.ffmpeg.org ↗Patch: patchwork.ffmpeg.org ↗

🔴Vulnerability Details

OSV

CVE-2023-46407: FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function↗2023-10-27

▶

GHSA

GHSA-9j42-4j78-g4mh: FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function↗2023-10-27

▶

📋Vendor Advisories

Debian

CVE-2023-46407: ffmpeg - FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via...↗2023

▶