Bugzilla – Bug 1223276
VUL-0: CVE-2023-51797: ffmpeg: buffer overflow in the showwaves_filter_frame function in libavfilter/avf_showwaves.c
Last modified: 2024-04-22 23:12:23 UTC
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showwaves.c:722:24 in showwaves_filter_frame References: https://github.com/FFmpeg/FFmpeg https://ffmpeg.org/ http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51797 https://www.cve.org/CVERecord?id=CVE-2023-51797 https://trac.ffmpeg.org/ticket/10756 https://bugzilla.redhat.com/show_bug.cgi?id=2276120
No FFmpeg packages in the SLE and the openSUSE codestreams are currently affected by this issue.
The changes from the fixing commit [0] only apply if the changes from commit ee664f41dbd [1] are also present. The changes from the latter were only introduced in version 6.1 of FFmpeg. openSUSE:Factory/ffmpeg-6 is not affected because it already contains the changes that fix the vulnerability. [0] https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/08bd2cbfeb34717d60ec62bcbaeb7996206df906 [1] https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ee664f41dbd94d896c5b45fa0d916a0b82f22b34
Fix 08bd2cbfeb34717d60ec62bcbaeb7996206df906 is included in refs/tags/n6.1.1 as commit ea276a511a. openSUSE:Factory/ffmpeg-6 already has 6.1.1.