CVE-2023-51797 — Code Injection in Ffmpeg

CWE-94 — Code Injection5 documents5 sources

Severity

6.7MEDIUMNVD

EPSS

0.0%

top 88.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Fedoraproject Fedora

Timeline

PublishedApr 19

Description

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showwaves.c:722:24 in showwaves_filter_frame

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 1.4 | Impact: 5.2

Affected Packages2 packages

▶Debianffmpeg/ffmpeg< 7:7.0.1-3+1

▶NVDffmpeg/ffmpeg12 versions+11

Also affects: Fedora 38, 39, 40

🔴Vulnerability Details

OSV

CVE-2023-51797: Buffer Overflow vulnerability in Ffmpeg v↗2024-04-19

▶

CVEList

CVE-2023-51797: Buffer Overflow vulnerability in Ffmpeg v↗2024-04-19

▶

GHSA

GHSA-3mxv-473p-h624: Buffer Overflow vulnerability in Ffmpeg v↗2024-04-19

▶

📋Vendor Advisories

Debian

CVE-2023-51797: ffmpeg - Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local att...↗2023

▶