CGA-5hf2-95qp-x9p4

Published

Last updated

https://images.chainguard.dev/security/CGA-5hf2-95qp-x9p4

Package

ffmpeg-6

Repository

Chainguard

Latest Update

Not affected

Aliases

Severity

Unknown

References

Updates

Status

Not affected

Justification

Vulnerable code not present

Impact

The showspectrum off-by-one error has been fixed in FFmpeg 6.1.2. The fix (commits ab0fdaedd1 and 3061bf668f cherry-picked to 6.x) changed the loop condition from <= to < at libavfilter/avf_showspectrum.c:1787. The vulnerable condition 'while (nb_frame <= s->nb_frames)' would allow accessing s->frames[s->nb_frames] which is out of bounds. The fixed code 'while (nb_frame < s->nb_frames)' ensures nb_frame is always a valid array index.

Status

Under investigation

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Private Policy

Product

Chainguard Containers Chainguard Libraries Chainguard VMs Integrations Pricing

Solutions

FedRAMP PCI DSS Golden Images CVE Remediation Public Sector

Customers

Customer Stories Chainguard Reviews

Resources

Events & Webinars Chainguard Courses Documentation Trust Center

Company

About Us Blog Partners Newsroom Careers Legal