CVE-2023-6604

A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation.

Database specific

{
    "cna_assigner": "fedora",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/6xxx/CVE-2023-6604.json",
    "cwe_ids": [
        "CWE-99"
    ]
}

References

Affected packages

Git / github.com/ffmpeg/ffmpeg

Affected ranges

Type: GIT
Repo: https://github.com/ffmpeg/ffmpeg
Events: Introduced

2b8b2ba19fe0ca6594cb09439b9ead2c328a79d8

Fixed

ea3d24bbe3c58b171e55fe2151fc7ffaca3ab3d2

Affected versions

n2.*

n2.0

n2.1-dev

n2.2-dev

n2.3-dev

n2.4-dev

n2.5-dev

n2.6-dev

n2.7-dev

n2.8-dev

n2.9-dev

n3.*

n3.1-dev

n3.2-dev

n3.3-dev

n3.4-dev

n3.5-dev

n4.*

n4.1-dev

n4.2-dev

n4.3-dev

n4.4-dev

n4.5-dev

n5.*

n5.1-dev

n5.2-dev

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-6604.json"