CVE-2023-6604

A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation.

Database specific

{
    "cna_assigner": "fedora",
    "cwe_ids": [
        "CWE-99"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/6xxx/CVE-2023-6604.json"
}

References

Affected packages

Git / git.ffmpeg.org/ffmpeg.git

Affected ranges

Type

GIT

Repo

https://git.ffmpeg.org/ffmpeg.git

Events

Introduced

2b8b2ba19fe0ca6594cb09439b9ead2c328a79d8

Last affected

ea3d24bbe3c58b171e55fe2151fc7ffaca3ab3d2

Database specific

{
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "2.0"
        },
        {
            "last_affected": "6.0"
        }
    ],
    "cpe": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*"
}

Type

GIT

Repo

https://github.com/ffmpeg/ffmpeg

Events

Introduced

2b8b2ba19fe0ca6594cb09439b9ead2c328a79d8

Fixed

ea3d24bbe3c58b171e55fe2151fc7ffaca3ab3d2

Database specific

{
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "extracted_events": [
        {
            "introduced": "2.0"
        },
        {
            "fixed": "6.*"
        },
        {
            "introduced": "2.0"
        },
        {
            "last_affected": "6.0"
        }
    ],
    "cpe": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*"
}

Affected versions

n2.*

n2.0

n2.1-dev

n2.2-dev

n2.3-dev

n2.4-dev

n2.5-dev

n2.6-dev

n2.7-dev

n2.8-dev

n2.9-dev

n3.*

n3.1-dev

n3.2-dev

n3.3-dev

n3.4-dev

n3.5-dev

n4.*

n4.1-dev

n4.2-dev

n4.3-dev

n4.4-dev

n4.5-dev

n5.*

n5.1-dev

n5.2-dev

n6.*

n6.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-6604.json"