What is the severity of CVE-2023-51794?

CVE-2023-51794 is considered a critical buffer overflow vulnerability that can allow local attackers to execute arbitrary code.

How do I fix CVE-2023-51794?

To fix CVE-2023-51794, update to the fixed versions of ffmpeg specified for your distribution, such as 7:3.4.11-0ubuntu0.1+ for Ubuntu Bionic or equivalent versions for other distributions.

Which versions of ffmpeg are affected by CVE-2023-51794?

CVE-2023-51794 affects ffmpeg versions up to and including 7:6.0-6ubuntu1.1 for Ubuntu and earlier versions in other distributions.

Who can exploit CVE-2023-51794?

CVE-2023-51794 can be exploited by local attackers who have access to the system running the affected versions of ffmpeg.

What components of ffmpeg are involved in CVE-2023-51794?

CVE-2023-51794 involves a buffer overflow vulnerability specifically in the libavfilter/af_stereowiden.c component of ffmpeg.

Vulnerability/
CVE-2023-51794

high

7.8

CWE

119 122

26/4/2024

2/8/2024

CVE-2023-51794: Buffer Overflow

First published: Fri Apr 26 2024(Updated: )

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
ubuntu/ffmpeg	<7:3.4.11-0ubuntu0.1+	7:3.4.11-0ubuntu0.1+
ubuntu/ffmpeg	<7:4.2.7-0ubuntu0.1+	7:4.2.7-0ubuntu0.1+
ubuntu/ffmpeg	<7:4.4.2-0ubuntu0.22.04.1+	7:4.4.2-0ubuntu0.22.04.1+
ubuntu/ffmpeg	<7:6.0-6ubuntu1.1	7:6.0-6ubuntu1.1
debian/ffmpeg	<=7:4.3.6-0+deb11u1<=7:6.1.1-4<=7:6.1.1-5	7:4.3.7-0+deb11u1 7:5.1.5-0+deb12u1

Remedy

https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=50f0f8c53c818f73fe2d752708e2fa9d2a2d8a07

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

USN-6803-1

Frequently Asked Questions

What is the severity of CVE-2023-51794?
CVE-2023-51794 is considered a critical buffer overflow vulnerability that can allow local attackers to execute arbitrary code.
How do I fix CVE-2023-51794?
To fix CVE-2023-51794, update to the fixed versions of ffmpeg specified for your distribution, such as 7:3.4.11-0ubuntu0.1+ for Ubuntu Bionic or equivalent versions for other distributions.
Which versions of ffmpeg are affected by CVE-2023-51794?
CVE-2023-51794 affects ffmpeg versions up to and including 7:6.0-6ubuntu1.1 for Ubuntu and earlier versions in other distributions.
Who can exploit CVE-2023-51794?
CVE-2023-51794 can be exploited by local attackers who have access to the system running the affected versions of ffmpeg.
What components of ffmpeg are involved in CVE-2023-51794?
CVE-2023-51794 involves a buffer overflow vulnerability specifically in the libavfilter/af_stereowiden.c component of ffmpeg.

agent/first-publish-date
agent/type
agent/remedy
agent/description
collector/launchpad-cve
source/Launchpad
collector/nvd-cve
source/NVD
agent/author
collector/usn-cve
source/Ubuntu
agent/software-canonical-lookup
agent/references
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/nvd-api
agent/severity
agent/weakness
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/trending
agent/tags
agent/source
package-manager/ubuntu
package-manager/debian