PT-2023-9358 · FFmpeg+4 · Ffmpeg+4
Zeng Yunxiang · Published 2023-11-27 · Updated 2025-11-21
CVE-2023-50008
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Ffmpeg version v.n6.1-3-g466799d4f5
Description
The issue is related to a buffer overflow in the av_malloc function, located in the libavutil/mem.c component of the Ffmpeg library. This buffer overflow is caused by copying without checking the input data, which can allow an attacker to execute arbitrary code, access confidential data, compromise data integrity, and cause a denial of service.
Recommendations
For Ffmpeg version v.n6.1-3-g466799d4f5, consider disabling the av_malloc function in the libavutil/mem.c component as a temporary workaround until a patch is available. Restrict access to the libavutil/mem.c component to minimize the risk of exploitation. Avoid using the av_malloc function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Debian
Ffmpeg
Linuxmint
Ubuntu