Security Advisories

CGA-vg8p-2f5q-2xqj

Published

Last updated

https://images.chainguard.dev/security/CGA-vg8p-2f5q-2xqj
Package

ffmpeg-6

Repository

Chainguard

Latest Update
Pending upstream fix
Aliases
  • CVE-2023-51795
  • GHSA-ppm8-gjfw-8977

Severity

Unknown

References

  • https://nvd.nist.gov/vuln/detail/CVE-2023-51795

Updates

Status

Pending upstream fix

Impact

The stereotools buffer overflow vulnerability is NOT fixed in FFmpeg 6.1.2. The December 2023 fix (commit e6459abfad), which adds 9 for proper rounding, is not present. The vulnerable code at libavfilter/af_stereotools.c:122 uses integer division, which rounds down and causes an undersized buffer allocation for certain sample rates. For example, sample_rate=44099 would allocate insufficient buffer space. The fix ensures proper ceiling division by adding 9 before dividing by 10.

Status

Under investigation


© 2025 Chainguard. All Rights Reserved.