CVE-2023-50009

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-50009
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-50009.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-50009
Downstream
Related
Published
2024-04-19T17:15:52Z
Modified
2025-10-13T07:50:07.256121Z
Summary
[none]
Details

FFmpeg v.n6.1-3-g466799d4f5 allows a heap-based buffer overflow via the ffgaussianblur8 function in libavfilter/edgetemplate.c:116:5 component.

References

Affected packages

Git / git.ffmpeg.org/ffmpeg.git

Affected ranges

Type
GIT
Repo
https://git.ffmpeg.org/ffmpeg.git
Events
Type
GIT
Repo
https://github.com/ffmpeg/ffmpeg
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

Other

N

n0.*

n0.11-dev
n0.12-dev
n0.8

n1.*

n1.1-dev
n1.2-dev
n1.3-dev

n2.*

n2.0
n2.1-dev
n2.2-dev
n2.3-dev
n2.4-dev
n2.5-dev
n2.6-dev
n2.7-dev
n2.8-dev
n2.9-dev

n3.*

n3.1-dev
n3.2-dev
n3.3-dev
n3.4-dev
n3.5-dev

n4.*

n4.1-dev
n4.2-dev
n4.3-dev
n4.4-dev
n4.5-dev

n5.*

n5.1-dev
n5.2-dev

n6.*

n6.1
n6.1-dev
n6.2-dev

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2023-50009-adc8ee8d",
            "signature_type": "Line",
            "target": {
                "file": "libavfilter/edge_template.c"
            },
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "254816656072124490686853983262355165531",
                    "31877602845318401102389784989818087179",
                    "17016053981011782868835965702907639683",
                    "199446948907900977501436067530578842812",
                    "69969355579061885170826474264885430436",
                    "285460975446622202328805586670021301166",
                    "321098436463018851694964015107991917953",
                    "227660988351307664047895135020116668056",
                    "81965354233706480648868889876360444616",
                    "296528963538907783819436920267520734502",
                    "75130143287394892599675853691784355057",
                    "328428695336154837885998531478594937666",
                    "313785962037767760250860041120881663355",
                    "239325395843362531648649165436307751529",
                    "260741031318871990208050374177048141566",
                    "295448376480883731774345310329218410977",
                    "55361497533821152378487336818777007008",
                    "254571536006874369023224442166904445867",
                    "168285529929421544386420103399512942765",
                    "242896767042914815723283613014719112746",
                    "149324095117691475210407805343631143220"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://github.com/ffmpeg/ffmpeg/commit/c443658d26d2b8e19901f9507a890e0efca79056"
        },
        {
            "id": "CVE-2023-50009-b5d1eafd",
            "signature_type": "Line",
            "target": {
                "file": "libavfilter/edge_template.c"
            },
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "254816656072124490686853983262355165531",
                    "31877602845318401102389784989818087179",
                    "17016053981011782868835965702907639683",
                    "199446948907900977501436067530578842812",
                    "69969355579061885170826474264885430436",
                    "285460975446622202328805586670021301166",
                    "321098436463018851694964015107991917953",
                    "227660988351307664047895135020116668056",
                    "81965354233706480648868889876360444616",
                    "296528963538907783819436920267520734502",
                    "75130143287394892599675853691784355057",
                    "328428695336154837885998531478594937666",
                    "313785962037767760250860041120881663355",
                    "239325395843362531648649165436307751529",
                    "260741031318871990208050374177048141566",
                    "295448376480883731774345310329218410977",
                    "55361497533821152378487336818777007008",
                    "254571536006874369023224442166904445867",
                    "168285529929421544386420103399512942765",
                    "242896767042914815723283613014719112746",
                    "149324095117691475210407805343631143220"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://github.com/ffmpeg/ffmpeg/commit/162b4c60c8f72be2e93b759f3b1e14652b70b3ba"
        },
        {
            "id": "CVE-2023-50009-eef4baff",
            "signature_type": "Function",
            "target": {
                "file": "libavfilter/edge_template.c",
                "function": "(gaussian_blur)"
            },
            "deprecated": false,
            "digest": {
                "length": 2035.0,
                "function_hash": "102036313291581278114211612626370519488"
            },
            "signature_version": "v1",
            "source": "https://github.com/ffmpeg/ffmpeg/commit/162b4c60c8f72be2e93b759f3b1e14652b70b3ba"
        },
        {
            "id": "CVE-2023-50009-fc4696c2",
            "signature_type": "Function",
            "target": {
                "file": "libavfilter/edge_template.c",
                "function": "(gaussian_blur)"
            },
            "deprecated": false,
            "digest": {
                "length": 2035.0,
                "function_hash": "102036313291581278114211612626370519488"
            },
            "signature_version": "v1",
            "source": "https://github.com/ffmpeg/ffmpeg/commit/c443658d26d2b8e19901f9507a890e0efca79056"
        }
    ]
}