Veracode Vulnerability DatabaseVERACODE:45236Out-of-bounds Read
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
20.7%
ffmpeg is vulnerable to Out-of-bounds Read. The vulnerability is due to improper validation of the dist->alphabet_size variable in the read_vlc_prefix function. This issue allows unauthorized memory access that potentially leads to sensitive information disclosure or denial of service.
References
github.com/FFmpeg/FFmpeg/commit/bf814387f42e9b0dea9d75c03db4723c88e7d962
patchwork.ffmpeg.org/project/ffmpeg/patch/20231013014959.536776-1-leo.izen%40gmail.com/
patchwork.ffmpeg.org/project/ffmpeg/patch/20231015004924.597746-1-leo.izen%40gmail.com/
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/v3.19/community.yaml
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
20.7%