CVE-2023-50009
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-50009
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-50009.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-50009
- Downstream
- Related
- Published
- 2024-04-19T17:15:52Z
- Modified
- 2025-10-16T05:59:13.550486Z
- Severity
-
- 8.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
FFmpeg v.n6.1-3-g466799d4f5 allows a heap-based buffer overflow via the ffgaussianblur8 function in libavfilter/edgetemplate.c:116:5 component.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/
- https://trac.ffmpeg.org/ticket/10699
- https://github.com/FFmpeg/FFmpeg/commit/162b4c60c8f72be2e93b759f3b1e14652b70b3ba
- https://github.com/FFmpeg/FFmpeg/commit/c443658d26d2b8e19901f9507a890e0efca79056
- https://github.com/FFmpeg/FFmpeg
- https://ffmpeg.org/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/
Affected packages
Git / git.ffmpeg.org/ffmpeg.git
Affected ranges
- Type
- GIT
- Repo
- https://git.ffmpeg.org/ffmpeg.git
- Events
- Type
- GIT
- Repo
- https://github.com/ffmpeg/ffmpeg
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
Other
N
n0.*
n0.11-dev
n0.12-dev
n0.8
n1.*
n1.1-dev
n1.2-dev
n1.3-dev
n2.*
n2.0
n2.1-dev
n2.2-dev
n2.3-dev
n2.4-dev
n2.5-dev
n2.6-dev
n2.7-dev
n2.8-dev
n2.9-dev
n3.*
n3.1-dev
n3.2-dev
n3.3-dev
n3.4-dev
n3.5-dev
n4.*
n4.1-dev
n4.2-dev
n4.3-dev
n4.4-dev
n4.5-dev
n5.*
n5.1-dev
n5.2-dev
n6.*
n6.1
n6.1-dev
n6.2-dev
Database specific
{
"vanir_signatures": [
{
"signature_version": "v1",
"target": {
"file": "libavfilter/edge_template.c"
},
"signature_type": "Line",
"source": "https://github.com/ffmpeg/ffmpeg/commit/c443658d26d2b8e19901f9507a890e0efca79056",
"deprecated": false,
"digest": {
"line_hashes": [
"254816656072124490686853983262355165531",
"31877602845318401102389784989818087179",
"17016053981011782868835965702907639683",
"199446948907900977501436067530578842812",
"69969355579061885170826474264885430436",
"285460975446622202328805586670021301166",
"321098436463018851694964015107991917953",
"227660988351307664047895135020116668056",
"81965354233706480648868889876360444616",
"296528963538907783819436920267520734502",
"75130143287394892599675853691784355057",
"328428695336154837885998531478594937666",
"313785962037767760250860041120881663355",
"239325395843362531648649165436307751529",
"260741031318871990208050374177048141566",
"295448376480883731774345310329218410977",
"55361497533821152378487336818777007008",
"254571536006874369023224442166904445867",
"168285529929421544386420103399512942765",
"242896767042914815723283613014719112746",
"149324095117691475210407805343631143220"
],
"threshold": 0.9
},
"id": "CVE-2023-50009-adc8ee8d"
},
{
"signature_version": "v1",
"target": {
"file": "libavfilter/edge_template.c"
},
"signature_type": "Line",
"source": "https://github.com/ffmpeg/ffmpeg/commit/162b4c60c8f72be2e93b759f3b1e14652b70b3ba",
"deprecated": false,
"digest": {
"line_hashes": [
"254816656072124490686853983262355165531",
"31877602845318401102389784989818087179",
"17016053981011782868835965702907639683",
"199446948907900977501436067530578842812",
"69969355579061885170826474264885430436",
"285460975446622202328805586670021301166",
"321098436463018851694964015107991917953",
"227660988351307664047895135020116668056",
"81965354233706480648868889876360444616",
"296528963538907783819436920267520734502",
"75130143287394892599675853691784355057",
"328428695336154837885998531478594937666",
"313785962037767760250860041120881663355",
"239325395843362531648649165436307751529",
"260741031318871990208050374177048141566",
"295448376480883731774345310329218410977",
"55361497533821152378487336818777007008",
"254571536006874369023224442166904445867",
"168285529929421544386420103399512942765",
"242896767042914815723283613014719112746",
"149324095117691475210407805343631143220"
],
"threshold": 0.9
},
"id": "CVE-2023-50009-b5d1eafd"
},
{
"signature_version": "v1",
"target": {
"function": "(gaussian_blur)",
"file": "libavfilter/edge_template.c"
},
"signature_type": "Function",
"source": "https://github.com/ffmpeg/ffmpeg/commit/162b4c60c8f72be2e93b759f3b1e14652b70b3ba",
"deprecated": false,
"digest": {
"length": 2035.0,
"function_hash": "102036313291581278114211612626370519488"
},
"id": "CVE-2023-50009-eef4baff"
},
{
"signature_version": "v1",
"target": {
"function": "(gaussian_blur)",
"file": "libavfilter/edge_template.c"
},
"signature_type": "Function",
"source": "https://github.com/ffmpeg/ffmpeg/commit/c443658d26d2b8e19901f9507a890e0efca79056",
"deprecated": false,
"digest": {
"length": 2035.0,
"function_hash": "102036313291581278114211612626370519488"
},
"id": "CVE-2023-50009-fc4696c2"
}
]
}