CVE-2023-50010

FFmpeg v.n6.1-3-g466799d4f5 allows a buffer over-read at ffgradfunblurlinemovdqasse2, as demonstrated by a call to the setencoderid function in /fftools/ffmpegenc.c component.

References

Affected packages

Git / github.com/ffmpeg/ffmpeg

Affected ranges

Type: GIT
Repo: https://github.com/ffmpeg/ffmpeg
Events: Fixed

e4d2666bdc3dbd177a81bbf428654a5f2fa3787a

Introduced

47ac3e60653da651dfa064b649d0ac297560d8d5

Fixed

e4d2666bdc3dbd177a81bbf428654a5f2fa3787a

Fixed

e809c23786fe297797198a7b9f5d3392d581daf1

Affected versions

n6.*

n6.1

n6.1-dev

n6.2-dev

Database specific

vanir_signatures

[
    {
        "target": {
            "file": "libavfilter/vf_gradfun.c"
        },
        "deprecated": false,
        "id": "CVE-2023-50010-0b97f928",
        "source": "https://github.com/ffmpeg/ffmpeg/commit/e4d2666bdc3dbd177a81bbf428654a5f2fa3787a",
        "digest": {
            "line_hashes": [
                "117459925408390397938909038638097177126",
                "20001850690654149390584934092369185131",
                "33379236983939250762553738679828817855",
                "112359146777007550932691475847209243648"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "target": {
            "file": "libavfilter/vf_gradfun.c",
            "function": "filter"
        },
        "deprecated": false,
        "id": "CVE-2023-50010-14a1c37f",
        "source": "https://github.com/ffmpeg/ffmpeg/commit/e809c23786fe297797198a7b9f5d3392d581daf1",
        "digest": {
            "length": 1719.0,
            "function_hash": "116069738728139430535001473723451908317"
        },
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "target": {
            "file": "libavfilter/vf_gradfun.c"
        },
        "deprecated": false,
        "id": "CVE-2023-50010-28f9d00d",
        "source": "https://github.com/ffmpeg/ffmpeg/commit/e809c23786fe297797198a7b9f5d3392d581daf1",
        "digest": {
            "line_hashes": [
                "117459925408390397938909038638097177126",
                "20001850690654149390584934092369185131",
                "33379236983939250762553738679828817855",
                "112359146777007550932691475847209243648"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "target": {
            "file": "libavfilter/vf_gradfun.c",
            "function": "filter"
        },
        "deprecated": false,
        "id": "CVE-2023-50010-4655444b",
        "source": "https://github.com/ffmpeg/ffmpeg/commit/e4d2666bdc3dbd177a81bbf428654a5f2fa3787a",
        "digest": {
            "length": 1719.0,
            "function_hash": "116069738728139430535001473723451908317"
        },
        "signature_type": "Function",
        "signature_version": "v1"
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-50010.json"