2250128 – (CVE-2023-47470) CVE-2023-47470 ffmpeg: out-of-bounds write vulnerability in ref_pic_list_struct

Bug 2250128 (CVE-2023-47470) - CVE-2023-47470 ffmpeg: out-of-bounds write vulnerability in ref_pic_list_struct

Summary: CVE-2023-47470 ffmpeg: out-of-bounds write vulnerability in ref_pic_list_struct

Keywords:
Status:	NEW
Alias:	CVE-2023-47470
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2250129
Blocks:
TreeView+	depends on / blocked

Reported:	2023-11-16 16:54 UTC by Mauro Matteo Cascella
Modified:	2023-11-16 16:54 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Mauro Matteo Cascella 2023-11-16 16:54:05 UTC

NVD description: "Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c".

References:
https://github.com/FFmpeg/FFmpeg/commit/4565747056a11356210ed8edcecb920105e40b60
https://patchwork.ffmpeg.org/project/ffmpeg/patch/20230915131147.5945-2-michael%40niedermayer.cc/
https://github.com/goldds96/Report/tree/main/FFmpeg

Comment 1 Mauro Matteo Cascella 2023-11-16 16:54:19 UTC

Created ffmpeg tracking bugs for this issue:

Affects: fedora-all [bug 2250129]

Note You need to log in before you can comment on or make changes to this bug.