Denial Of Service (DoS)

2023-08-2113:49:03

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

ffmpeg

vulnerability

av_timecode_make_string

denial of service

.mov file

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

ffmpeg is vulnerable to Denial of Service (DoS) attacks. The vulnerability exists in the av_timecode_make_string() function, which is used to convert a timecode to a string. This vulnerability could allow a local attacker to cause a denial of service (DoS) by providing a crafted .mov file that triggers the overflow.

CPENameOperatorVersion
ffmpeg:bullseyeeq7:4.3.1-5
ffmpeg:bullseyeeq7:4.3.2-0+deb11u2
ffmpeg:sideq7:4.3.1-5
ffmpeg:bullseyeeq7:4.3.1-5
ffmpeg:bullseyeeq7:4.3.2-0+deb11u2
ffmpeg:sideq7:4.3.1-5
ffmpeg:bustereq7:4.1.6-1~deb10u1

Name	Operator	Version
ffmpeg:bullseye	eq	7:4.3.1-5
ffmpeg:bullseye	eq	7:4.3.2-0+deb11u2
ffmpeg:sid	eq	7:4.3.1-5
ffmpeg:bullseye	eq	7:4.3.1-5
ffmpeg:bullseye	eq	7:4.3.2-0+deb11u2
ffmpeg:sid	eq	7:4.3.1-5
ffmpeg:buster	eq	7:4.1.6-1~deb10u1