CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
20.7%
FFmpeg prior to commit bf814 was discovered to contain an out of bounds
read via the dist->alphabet_size variable in the read_vlc_prefix()
function.
github.com/FFmpeg/FFmpeg/commit/bf814387f42e9b0dea9d75c03db4723c88e7d962
launchpad.net/bugs/cve/CVE-2023-46407
nvd.nist.gov/vuln/detail/CVE-2023-46407
patchwork.ffmpeg.org/project/ffmpeg/patch/20231013014959.536776-1-leo.izen%40gmail.com/
patchwork.ffmpeg.org/project/ffmpeg/patch/[email protected]/
patchwork.ffmpeg.org/project/ffmpeg/patch/20231015004924.597746-1-leo.izen%40gmail.com/
patchwork.ffmpeg.org/project/ffmpeg/patch/[email protected]/
security-tracker.debian.org/tracker/CVE-2023-46407
www.cve.org/CVERecord?id=CVE-2023-46407
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
20.7%