Bug 1223273 (CVE-2023-51795)

Summary:	VUL-0: CVE-2023-51795: ffmpeg: buffer overflow via showspectrumpic_request_frame in libavfilter/avf_showspectrum.c
Product:	[openSUSE] openSUSE Distribution	Reporter:	SMASH SMASH <smash_bz>
Component:	Other	Assignee:	Jan Engelhardt <jengelh>
Status:	NEW ---	QA Contact:	Security Team bot <security-team>
Severity:	Major
Priority:	P3 - Medium	CC:	camila.matos
Version:	Leap 15.6
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/402767/
Whiteboard:	CVSSv3.1:SUSE:CVE-2023-51795:7.8:(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description SMASH SMASH 2024-04-22 18:53:39 UTC

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showspectrum.c:1789:52 component in showspectrumpic_request_frame

References:
https://ffmpeg.org/
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51795
https://www.cve.org/CVERecord?id=CVE-2023-51795
https://trac.ffmpeg.org/ticket/10749
https://bugzilla.redhat.com/show_bug.cgi?id=2276120

Comment 1 Camila Camargo de Matos 2024-04-22 18:58:17 UTC

openSUSE:Factory/ffmpeg-5 is the only current package that is affected by this issue.

As per upstream's comment in the fixing commit [0], this issue was introduced together with the changes from commit 81df787b [1], meaning that only versions 5.1 and later are vulnerable to the issue described by CVE-2023-51795. 

As for package openSUSE:Factory/ffmpeg-6, it's code already includes the fix for this vulnerability.

[0] https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06
[1] https://git.videolan.org/?p=ffmpeg.git;a=commit;h=81df787b53eb5c6433731f6eaaf7f2a94d8a8c80

Comment 2 Jan Engelhardt 2024-04-22 23:07:31 UTC

Patch for commit ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06 is already included in the submissions made for bug#1223087.