CVE-2023-50009

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-50009
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-50009.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-50009
Downstream
Related
Published
2024-04-19T17:15:52.070Z
Modified
2026-03-15T22:48:04.141248Z
Severity
  • 8.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H CVSS Calculator
Summary
[none]
Details

FFmpeg v.n6.1-3-g466799d4f5 allows a heap-based buffer overflow via the ffgaussianblur8 function in libavfilter/edgetemplate.c:116:5 component.

References

Affected packages

Git / github.com/ffmpeg/ffmpeg

Affected ranges

Type
GIT
Repo
https://github.com/ffmpeg/ffmpeg
Events
Introduced
47ac3e60653da651dfa064b649d0ac297560d8d5
Fixed
083443d67cb159ce469e5d902346b8d0c2cd1c93
Fixed
162b4c60c8f72be2e93b759f3b1e14652b70b3ba
Fixed
c443658d26d2b8e19901f9507a890e0efca79056
Database specific 
{
    "versions": [
        {
            "introduced": "6.1"
        },
        {
            "fixed": "7.0"
        }
    ]
}

Affected versions

n6.*
n6.1
n6.1-dev
n6.2-dev

Database specific

vanir_signatures 
[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "254816656072124490686853983262355165531",
                "31877602845318401102389784989818087179",
                "17016053981011782868835965702907639683",
                "199446948907900977501436067530578842812",
                "69969355579061885170826474264885430436",
                "285460975446622202328805586670021301166",
                "321098436463018851694964015107991917953",
                "227660988351307664047895135020116668056",
                "81965354233706480648868889876360444616",
                "296528963538907783819436920267520734502",
                "75130143287394892599675853691784355057",
                "328428695336154837885998531478594937666",
                "313785962037767760250860041120881663355",
                "239325395843362531648649165436307751529",
                "260741031318871990208050374177048141566",
                "295448376480883731774345310329218410977",
                "55361497533821152378487336818777007008",
                "254571536006874369023224442166904445867",
                "168285529929421544386420103399512942765",
                "242896767042914815723283613014719112746",
                "149324095117691475210407805343631143220"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2023-50009-adc8ee8d",
        "target": {
            "file": "libavfilter/edge_template.c"
        },
        "source": "https://github.com/ffmpeg/ffmpeg/commit/c443658d26d2b8e19901f9507a890e0efca79056"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "254816656072124490686853983262355165531",
                "31877602845318401102389784989818087179",
                "17016053981011782868835965702907639683",
                "199446948907900977501436067530578842812",
                "69969355579061885170826474264885430436",
                "285460975446622202328805586670021301166",
                "321098436463018851694964015107991917953",
                "227660988351307664047895135020116668056",
                "81965354233706480648868889876360444616",
                "296528963538907783819436920267520734502",
                "75130143287394892599675853691784355057",
                "328428695336154837885998531478594937666",
                "313785962037767760250860041120881663355",
                "239325395843362531648649165436307751529",
                "260741031318871990208050374177048141566",
                "295448376480883731774345310329218410977",
                "55361497533821152378487336818777007008",
                "254571536006874369023224442166904445867",
                "168285529929421544386420103399512942765",
                "242896767042914815723283613014719112746",
                "149324095117691475210407805343631143220"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2023-50009-b5d1eafd",
        "target": {
            "file": "libavfilter/edge_template.c"
        },
        "source": "https://github.com/ffmpeg/ffmpeg/commit/162b4c60c8f72be2e93b759f3b1e14652b70b3ba"
    },
    {
        "digest": {
            "length": 2035.0,
            "function_hash": "102036313291581278114211612626370519488"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2023-50009-eef4baff",
        "target": {
            "function": "(gaussian_blur)",
            "file": "libavfilter/edge_template.c"
        },
        "source": "https://github.com/ffmpeg/ffmpeg/commit/162b4c60c8f72be2e93b759f3b1e14652b70b3ba"
    },
    {
        "digest": {
            "length": 2035.0,
            "function_hash": "102036313291581278114211612626370519488"
        },
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2023-50009-fc4696c2",
        "target": {
            "function": "(gaussian_blur)",
            "file": "libavfilter/edge_template.c"
        },
        "source": "https://github.com/ffmpeg/ffmpeg/commit/c443658d26d2b8e19901f9507a890e0efca79056"
    }
]
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "38"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "39"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "40"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-50009.json"