Lucene search

GitHub Advisory DatabaseGHSA-2JX3-FX5F-R2C6

HistoryJul 28, 2023 - 3:30 p.m.

FFmpeg discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>

2023-07-2815:30:23

CWE-94

GitHub Advisory Database

github.com

ffmpeg

code injection

vulnerability

net.bramp.ffmpeg.

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.7%

JSON

Withdrawn

This advisory has been withdrawn because it has been found to be disputed. Please see the issue here for more information.

Original Despcription

FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. This vulnerability is exploited via passing an unchecked argument.

Affected configurations

Vulners

Node

github_advisory_databasenet.bramp.ffmpeg\Matchffmpeg

CPENameOperatorVersion
net.bramp.ffmpeg:ffmpegle0.7.0

CPE	Name	Operator	Version
	net.bramp.ffmpeg:ffmpeg	le	0.7.0

References

github.com/advisories/GHSA-2jx3-fx5f-r2c6

github.com/bramp/ffmpeg-cli-wrapper/blob/master/src/main/java/net/bramp/ffmpeg/FFmpeg.java

github.com/bramp/ffmpeg-cli-wrapper/issues/291

nvd.nist.gov/vuln/detail/CVE-2023-39018

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.7%

JSON

Related for GHSA-2JX3-FX5F-R2C6