First published: Fri Oct 27 2023
FFmpeg prior to commit bf814 was discovered to contain an out-of-bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
FFmpeg | <6.1 | |
https://patchwork.ffmpeg.org/project/ffmpeg/patch/20231013014959.536776-1-leo.izen%40gmail.com/
https://patchwork.ffmpeg.org/project/ffmpeg/patch/20231015004924.597746-1-leo.izen%40gmail.com/
CVE-2023-46407 is a vulnerability in FFmpeg prior to commit bf814 that allows for an out-of-bounds read.
CVE-2023-46407 is considered to be a medium severity vulnerability with a severity score of 5.5.
CVE-2023-46407 affects FFmpeg versions before commit bf814 and can lead to an out-of-bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function.
The fix for CVE-2023-46407 is available in commit bf814 of the FFmpeg repository.
More information about CVE-2023-46407 can be found in the following references:

- [FFmpeg commit bf814](https://github.com/FFmpeg/FFmpeg/commit/bf814387f42e9b0dea9d75c03db4723c88e7d962)
- [FFmpeg patch for CVE-2023-46407](https://patchwork.ffmpeg.org/project/ffmpeg/patch/20231015004924.597746-1-leo.izen%40gmail.com/)
- [FFmpeg patch for CVE-2023-46407](https://patchwork.ffmpeg.org/project/ffmpeg/patch/20231013014959.536776-1-leo.izen%40gmail.com/)