CVE-2023-6602Resource Injection in Ffmpeg

CWE-99Resource Injection4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.2%
top 58.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
FfmpegDebian Ffmpeg
Timeline
PublishedDec 31

Description

A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

debiandebian/ffmpeg< ffmpeg 7:5.1.7-0+deb12u1 (bookworm)
Debianffmpeg/ffmpeg< 7:4.3.9-0+deb11u1+3
NVDffmpeg/ffmpeg2.06.0

🔴Vulnerability Details

2
OSV
CVE-2023-6602: A flaw was found in FFmpeg's TTY Demuxer2024-12-31
GHSA
GHSA-398c-f7w9-crc8: A flaw was found in FFmpeg's TTY Demuxer2024-12-31

📋Vendor Advisories

1
Debian
CVE-2023-6602: ffmpeg - A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible dat...2023