Bugzilla – Bug 1223273
VUL-0: CVE-2023-51795: ffmpeg: buffer overflow via showspectrumpic_request_frame in libavfilter/avf_showspectrum.c
Last modified: 2024-04-22 23:07:31 UTC
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showspectrum.c:1789:52 component in showspectrumpic_request_frame References: https://ffmpeg.org/ http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51795 https://www.cve.org/CVERecord?id=CVE-2023-51795 https://trac.ffmpeg.org/ticket/10749 https://bugzilla.redhat.com/show_bug.cgi?id=2276120
openSUSE:Factory/ffmpeg-5 is the only current package that is affected by this issue. As per upstream's comment in the fixing commit [0], this issue was introduced together with the changes from commit 81df787b [1], meaning that only versions 5.1 and later are vulnerable to the issue described by CVE-2023-51795. As for package openSUSE:Factory/ffmpeg-6, it's code already includes the fix for this vulnerability. [0] https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06 [1] https://git.videolan.org/?p=ffmpeg.git;a=commit;h=81df787b53eb5c6433731f6eaaf7f2a94d8a8c80
Patch for commit ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06 is already included in the submissions made for bug#1223087.