PT-2024-4526 · FFmpeg+4 · Ffmpeg+4
Zeng Yunxiang · Published 2024-04-12 · Updated 2025-11-25 · CVE-2023-49528
CVSS v3.1: 8.0 High
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
FFmpeg version n6.1-3-g466799d4f5
Description:
The issue is related to a buffer overflow in the de_stereo component of the FFmpeg library, specifically in the af_dialoguenhance.c file. This allows a local attacker to execute arbitrary code and cause a denial of service (DoS). The vulnerability is located at line 261, column 5, in the af_dialoguenhance.c file.
Recommendations:
For FFmpeg version n6.1-3-g466799d4f5, consider disabling the de_stereo component until a patch is available to prevent exploitation of the buffer overflow vulnerability. Restrict access to the af_dialoguenhance.c module to minimize the risk of arbitrary code execution and denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Heap Based Buffer Overflow
Affected Products
Astra Linux
Debian
Ffmpeg
Linuxmint
Ubuntu