CVE-2023-51798

CVE-2023-51798

Name

CVE-2023-51798

Description

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
cve@mitre.org	https://ffmpeg.org/
cve@mitre.org	https://trac.ffmpeg.org/ticket/10758
vendor-advisory	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/
vendor-advisory	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/
vendor-advisory	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/

Type

URI

cve@mitre.org

https://ffmpeg.org/

cve@mitre.org

https://trac.ffmpeg.org/ticket/10758

vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/

vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/

vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/

af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/

af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/

Match rules

CPE URI	Source package	Min version	Max version
	n/a	== n/a	== n/a
`cpe:2.3:a:ffmpeg:ffmpeg:7.0:::::::*`	ffmpeg	== None	== 7.0
`cpe:2.3:a:ffmpeg:ffmpeg:7.0.1:::::::*`	ffmpeg	== None	== 7.0.1
`cpe:2.3:a:ffmpeg:ffmpeg:7.0.2:::::::*`	ffmpeg	== None	== 7.0.2
`cpe:2.3:a:ffmpeg:ffmpeg:7.0.3:::::::*`	ffmpeg	== None	== 7.0.3
`cpe:2.3:a:ffmpeg:ffmpeg:7.1:::::::*`	ffmpeg	== None	== 7.1
`cpe:2.3:a:ffmpeg:ffmpeg:7.1.1:::::::*`	ffmpeg	== None	== 7.1.1
`cpe:2.3:a:ffmpeg:ffmpeg:7.1.2:::::::*`	ffmpeg	== None	== 7.1.2
`cpe:2.3:a:ffmpeg:ffmpeg:7.1.3:::::::*`	ffmpeg	== None	== 7.1.3
`cpe:2.3:a:ffmpeg:ffmpeg:7.2:dev::::::`	ffmpeg	== None	== 7.2
`cpe:2.3:a:ffmpeg:ffmpeg:8.0:::::::*`	ffmpeg	== None	== 8.0
`cpe:2.3:a:ffmpeg:ffmpeg:8.0.1:::::::*`	ffmpeg	== None	== 8.0.1
`cpe:2.3:a:ffmpeg:ffmpeg:8.1:dev::::::`	ffmpeg	== None	== 8.1

CPE URI

Source package

Min version

Max version

n/a

== n/a

cpe:2.3:a:ffmpeg:ffmpeg:7.0:*:*:*:*:*:*:*

ffmpeg

== None

== 7.0

cpe:2.3:a:ffmpeg:ffmpeg:7.0.1:*:*:*:*:*:*:*

ffmpeg

== None

== 7.0.1

cpe:2.3:a:ffmpeg:ffmpeg:7.0.2:*:*:*:*:*:*:*

ffmpeg

== None

== 7.0.2

cpe:2.3:a:ffmpeg:ffmpeg:7.0.3:*:*:*:*:*:*:*

ffmpeg

== None

== 7.0.3

cpe:2.3:a:ffmpeg:ffmpeg:7.1:*:*:*:*:*:*:*

ffmpeg

== None

== 7.1

cpe:2.3:a:ffmpeg:ffmpeg:7.1.1:*:*:*:*:*:*:*

ffmpeg

== None

== 7.1.1

cpe:2.3:a:ffmpeg:ffmpeg:7.1.2:*:*:*:*:*:*:*

ffmpeg

== None

== 7.1.2

cpe:2.3:a:ffmpeg:ffmpeg:7.1.3:*:*:*:*:*:*:*

ffmpeg

== None

== 7.1.3

cpe:2.3:a:ffmpeg:ffmpeg:7.2:dev:*:*:*:*:*:*

ffmpeg

== None

== 7.2

cpe:2.3:a:ffmpeg:ffmpeg:8.0:*:*:*:*:*:*:*

ffmpeg

== None

== 8.0

cpe:2.3:a:ffmpeg:ffmpeg:8.0.1:*:*:*:*:*:*:*

ffmpeg

== None

== 8.0.1

cpe:2.3:a:ffmpeg:ffmpeg:8.1:dev:*:*:*:*:*:*

ffmpeg

== None

== 8.1

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
ffmpeg	edge-community	8.0.1-r1	Achill Gilgenast <achill@achill.org>	possibly vulnerable
ffmpeg	edge-community	8.0.1-r0	Achill Gilgenast <achill@achill.org>	possibly vulnerable
ffmpeg	edge-community	8.0-r4	Achill Gilgenast <achill@achill.org>	possibly vulnerable
ffmpeg	edge-community	8.0-r3	Achill Gilgenast <achill@achill.org>	possibly vulnerable
ffmpeg	edge-community	8.0-r2	Achill Gilgenast <achill@achill.org>	possibly vulnerable
ffmpeg	edge-community	8.0-r1	Achill Gilgenast <achill@achill.org>	possibly vulnerable
ffmpeg	edge-community	8.0-r0	Achill Gilgenast <achill@achill.org>	possibly vulnerable
ffmpeg	edge-community	7.1.2-r0	Achill Gilgenast <achill@achill.org>	possibly vulnerable
ffmpeg	edge-community	7.1.1-r1	Achill Gilgenast <achill@achill.org>	possibly vulnerable
ffmpeg	edge-community	7.1.1-r0	Achill Gilgenast <achill@achill.org>	possibly vulnerable
ffmpeg	3.23-community	8.0.1-r1	Achill Gilgenast <achill@achill.org>	possibly vulnerable
ffmpeg	3.23-community	8.0.1-r0	Achill Gilgenast <achill@achill.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

ffmpeg

edge-community

8.0.1-r1

Achill Gilgenast <achill@achill.org>

possibly vulnerable

ffmpeg

edge-community