Vulnerability Description
Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the config_eq_output function in the libavfilter/asrc_afirsrc.c:495:30 component.
CVSS Score
8.0
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ffmpeg | Ffmpeg | 6.1 |
| Fedoraproject | Fedora | 38 |
Related Weaknesses (CWE)
References
- https://github.com/FFmpeg/FFmpegProduct
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproThird Party Advisory
- https://trac.ffmpeg.org/ticket/10686ExploitIssue Tracking
- https://trac.ffmpeg.org/ticket/10686#no1ExploitIssue Tracking
- https://github.com/FFmpeg/FFmpegProduct
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproThird Party Advisory
- https://lists.fedoraproject.org/archives/list/[email protected]
- https://lists.fedoraproject.org/archives/list/[email protected]
- https://lists.fedoraproject.org/archives/list/[email protected]
- https://trac.ffmpeg.org/ticket/10686ExploitIssue Tracking
- https://trac.ffmpeg.org/ticket/10686#no1ExploitIssue Tracking
FAQ
What is CVE-2023-49501?
CVE-2023-49501 is a vulnerability with a CVSS score of 8.0 (HIGH). Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the config_eq_output function in the libavfilter/asrc_afirsrc.c:495:30 component.
How severe is CVE-2023-49501?
CVE-2023-49501 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-49501?
Check the references section above for vendor advisories and patch information. Affected products include: Ffmpeg Ffmpeg, Fedoraproject Fedora.