PT-2023-9218 · FFmpeg+4 · Ffmpeg+4

Zeng Yunxiang

Publicado

2023-12-04

Atualizado

2025-06-06

CVE-2023-50010

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions FFmpeg versions v.n6.1-3-g466799d4f5

Description The issue is related to a buffer overflow vulnerability in the set encoder id function, located in the /fftools/ffmpeg enc.c component. This vulnerability can be exploited by an attacker to execute arbitrary code, potentially allowing for remote code execution with specially crafted data.

Recommendations For FFmpeg version v.n6.1-3-g466799d4f5, consider disabling the set encoder id function as a temporary workaround until a patch is available. Restrict access to the /fftools/ffmpeg enc.c component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119CWE-120

Identificadores relacionados

BDU:2024-04849

CVE-2023-50010

DSA-5712-1

DSA-5721-1

MGASA-2024-0248

OESA-2024-1804

OESA-2024-1806

OESA-2024-1807

OESA-2024-1808

OPENSUSE-SU-2024:13934-1

OPENSUSE-SU-2024:13940-1

OPENSUSE-SU-2024_1592-1

OPENSUSE-SU-2024_1593-1

OPENSUSE-SU-2025:14974-1

OPENSUSE-SU-2025:15012-1

OPENSUSE-SU-2025_0862-1

OPENSUSE-SU-2026:20710-1

SUSE-SU-2024:1592-1

SUSE-SU-2024:1593-1

SUSE-SU-2024_1592-1

SUSE-SU-2024_1593-1

SUSE-SU-2025:0862-1

USN-6803-1

Produtos afetados

Astra Linux

Ffmpeg

Linuxmint

Suse

Ubuntu

PT-2023-9218 · FFmpeg+4 · Ffmpeg+4

CVE-2023-50010

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 115