CVE-2023-51798

2024-04-1917:15:52

Debian Security Bug Tracker

security-tracker.debian.org

cve-2023-51798

buffer overflow

ffmpeg

arbitrary code execution

floating point exception

libavfilter

vf_minterpolate

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

JSON

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate.

OSVersionArchitecturePackageVersionFilename
Debian12allffmpeg< 7:5.1.5-0+deb12u1ffmpeg_7:5.1.5-0+deb12u1_all.deb
Debian11allffmpeg< 7:4.3.7-0+deb11u1ffmpeg_7:4.3.7-0+deb11u1_all.deb
Debian999allffmpeg<= 7:6.1.1-4ffmpeg_7:6.1.1-4_all.deb
Debian13allffmpeg<= 7:6.1.1-4ffmpeg_7:6.1.1-4_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	ffmpeg	< 7:5.1.5-0+deb12u1	ffmpeg_7:5.1.5-0+deb12u1_all.deb
Debian	11	all	ffmpeg	< 7:4.3.7-0+deb11u1	ffmpeg_7:4.3.7-0+deb11u1_all.deb
Debian	999	all	ffmpeg	<= 7:6.1.1-4	ffmpeg_7:6.1.1-4_all.deb
Debian	13	all	ffmpeg	<= 7:6.1.1-4	ffmpeg_7:6.1.1-4_all.deb