Bug 2277716 (CVE-2023-51794) - CVE-2023-51794 ffmpeg: avfilter: heap buffer overflow in libavfilter/af_stereowiden.c
Summary: CVE-2023-51794 ffmpeg: avfilter: heap buffer overflow in libavfilter/af_stere...
Keywords:
Status: NEW
Alias: CVE-2023-51794
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2277719 2277723 2277724 2277725 2277726 2277727 2277728 2277717 2277718 2277720 2277721 2277722
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-04-29 11:30 UTC by TEJ RATHI
Modified: 2024-04-29 11:34 UTC (History)
0 users

Fixed In Version: ffmpeg n-7.0
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description TEJ RATHI 2024-04-29 11:30:27 UTC
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c.

https://trac.ffmpeg.org/ticket/10746
https://github.com/FFmpeg/FFmpeg/commit/50f0f8c53c818f73fe2d752708e2fa9d2a2d8a07

Comment 1 TEJ RATHI 2024-04-29 11:30:42 UTC
Created chromium tracking bugs for this issue:

Affects: epel-7 [bug 2277717]

Comment 2 TEJ RATHI 2024-04-29 11:34:36 UTC
Created chromium tracking bugs for this issue:

Affects: epel-8 [bug 2277718]


Created ffmpeg tracking bugs for this issue:

Affects: fedora-38 [bug 2277720]
Affects: fedora-39 [bug 2277723]
Affects: fedora-40 [bug 2277726]


Created qt5-qtwebengine tracking bugs for this issue:

Affects: epel-8 [bug 2277719]
Affects: fedora-38 [bug 2277721]
Affects: fedora-39 [bug 2277724]
Affects: fedora-40 [bug 2277727]


Created qt6-qtwebengine tracking bugs for this issue:

Affects: fedora-38 [bug 2277722]
Affects: fedora-39 [bug 2277725]
Affects: fedora-40 [bug 2277728]


Note You need to log in before you can comment on or make changes to this bug.