FFmpeg · Ffmpeg · CVE-2023-47470
**Name of the Vulnerable Software and Affected Versions**
Ffmpeg versions before github commit 4565747056a11356210ed8edcecb920105e40b60
**Description**
The issue allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the `ref pic list struct` function in `libavcodec/evc ps.c`.
**Recommendations**
For versions before github commit 4565747056a11356210ed8edcecb920105e40b60, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the `ref pic list struct` function in `libavcodec/evc ps.c` until a patch is available.