Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:42866
HistoryAug 21, 2023 - 1:49 p.m.

Denial Of Service (DoS)

2023-08-2113:49:03
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
ffmpeg
vulnerability
av_timecode_make_string
denial of service
.mov file

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

5.1%

ffmpeg is vulnerable to Denial of Service (DoS) attacks. The vulnerability exists in the av_timecode_make_string() function, which is used to convert a timecode to a string. This vulnerability could allow a local attacker to cause a denial of service (DoS) by providing a crafted .mov file that triggers the overflow.

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

5.1%