First published: Fri Aug 11 2023(Updated: )
Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
FFmpeg FFmpeg | =4.3.2 | |
debian/ffmpeg | 7:4.3.7-0+deb11u1 7:4.3.8-0+deb11u1 7:5.1.6-0+deb12u1 7:7.0.2-3 7:7.1-3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2021-28429.
The title of this vulnerability is "Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version …".
The description of this vulnerability is "Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file."
The software affected by this vulnerability is FFmpeg version 4.3.2.
The severity of this vulnerability is medium with a CVSS score of 5.5.