CVE-2023-39018

Source
https://cve.org/CVERecord?id=CVE-2023-39018
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-39018.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-39018
Published
2023-07-28T15:15:13.227Z
Modified
2026-03-14T12:08:32.249610Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple third parties because there are no realistic use cases in which FFmpeg.java uses untrusted input for the path of the executable file.

References

Affected packages

Git / github.com/bramp/ffmpeg-cli-wrapper

Affected ranges

Type
GIT
Repo
https://github.com/bramp/ffmpeg-cli-wrapper
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.7.0"
        }
    ]
}

Affected versions

ffmpeg-0.*
ffmpeg-0.1
ffmpeg-0.2
ffmpeg-0.3
ffmpeg-0.4
ffmpeg-0.5
ffmpeg-0.6
ffmpeg-0.6.1
ffmpeg-0.6.2
ffmpeg-0.7.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-39018.json"