CVE-2023-50009

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-50009
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-50009.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-50009
Downstream
Related
Published
2024-04-19T17:15:52.070Z
Modified
2025-11-20T21:18:44.675955Z
Severity
  • 8.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H CVSS Calculator
Summary
[none]
Details

FFmpeg v.n6.1-3-g466799d4f5 allows a heap-based buffer overflow via the ffgaussianblur8 function in libavfilter/edgetemplate.c:116:5 component.

References

Affected packages

Git / git.ffmpeg.org/ffmpeg.git

Affected ranges

Type
GIT
Repo
https://git.ffmpeg.org/ffmpeg.git
Events
Introduced
47ac3e60653da651dfa064b649d0ac297560d8d5
Fixed
083443d67cb159ce469e5d902346b8d0c2cd1c93

Affected versions

n6.*

n6.1-dev
n6.2-dev

Git / github.com/ffmpeg/ffmpeg

Affected ranges

Type
GIT
Repo
https://github.com/ffmpeg/ffmpeg
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
162b4c60c8f72be2e93b759f3b1e14652b70b3ba
Fixed
c443658d26d2b8e19901f9507a890e0efca79056

Affected versions

Other

N

n0.*

n0.11-dev
n0.12-dev
n0.8

n1.*

n1.1-dev
n1.2-dev
n1.3-dev

n2.*

n2.0
n2.1-dev
n2.2-dev
n2.3-dev
n2.4-dev
n2.5-dev
n2.6-dev
n2.7-dev
n2.8-dev
n2.9-dev

n3.*

n3.1-dev
n3.2-dev
n3.3-dev
n3.4-dev
n3.5-dev

n4.*

n4.1-dev
n4.2-dev
n4.3-dev
n4.4-dev
n4.5-dev

n5.*

n5.1-dev
n5.2-dev

n6.*

n6.1
n6.1-dev
n6.2-dev

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "254816656072124490686853983262355165531",
                "31877602845318401102389784989818087179",
                "17016053981011782868835965702907639683",
                "199446948907900977501436067530578842812",
                "69969355579061885170826474264885430436",
                "285460975446622202328805586670021301166",
                "321098436463018851694964015107991917953",
                "227660988351307664047895135020116668056",
                "81965354233706480648868889876360444616",
                "296528963538907783819436920267520734502",
                "75130143287394892599675853691784355057",
                "328428695336154837885998531478594937666",
                "313785962037767760250860041120881663355",
                "239325395843362531648649165436307751529",
                "260741031318871990208050374177048141566",
                "295448376480883731774345310329218410977",
                "55361497533821152378487336818777007008",
                "254571536006874369023224442166904445867",
                "168285529929421544386420103399512942765",
                "242896767042914815723283613014719112746",
                "149324095117691475210407805343631143220"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/ffmpeg/ffmpeg/commit/c443658d26d2b8e19901f9507a890e0efca79056",
        "target": {
            "file": "libavfilter/edge_template.c"
        },
        "id": "CVE-2023-50009-adc8ee8d"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "254816656072124490686853983262355165531",
                "31877602845318401102389784989818087179",
                "17016053981011782868835965702907639683",
                "199446948907900977501436067530578842812",
                "69969355579061885170826474264885430436",
                "285460975446622202328805586670021301166",
                "321098436463018851694964015107991917953",
                "227660988351307664047895135020116668056",
                "81965354233706480648868889876360444616",
                "296528963538907783819436920267520734502",
                "75130143287394892599675853691784355057",
                "328428695336154837885998531478594937666",
                "313785962037767760250860041120881663355",
                "239325395843362531648649165436307751529",
                "260741031318871990208050374177048141566",
                "295448376480883731774345310329218410977",
                "55361497533821152378487336818777007008",
                "254571536006874369023224442166904445867",
                "168285529929421544386420103399512942765",
                "242896767042914815723283613014719112746",
                "149324095117691475210407805343631143220"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/ffmpeg/ffmpeg/commit/162b4c60c8f72be2e93b759f3b1e14652b70b3ba",
        "target": {
            "file": "libavfilter/edge_template.c"
        },
        "id": "CVE-2023-50009-b5d1eafd"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 2035.0,
            "function_hash": "102036313291581278114211612626370519488"
        },
        "source": "https://github.com/ffmpeg/ffmpeg/commit/162b4c60c8f72be2e93b759f3b1e14652b70b3ba",
        "target": {
            "file": "libavfilter/edge_template.c",
            "function": "(gaussian_blur)"
        },
        "id": "CVE-2023-50009-eef4baff"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "length": 2035.0,
            "function_hash": "102036313291581278114211612626370519488"
        },
        "source": "https://github.com/ffmpeg/ffmpeg/commit/c443658d26d2b8e19901f9507a890e0efca79056",
        "target": {
            "file": "libavfilter/edge_template.c",
            "function": "(gaussian_blur)"
        },
        "id": "CVE-2023-50009-fc4696c2"
    }
]