CVE-2023-46407

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-46407

Severity

5.5

Medium

CVSS V3

Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Description

FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-46407
https://github.com/advisories/GHSA-9j42-4j78-g4mh
https://github.com/FFmpeg/FFmpeg/commit/bf814387f42e9b0dea9d75c03db4723c88e7d962
https://patchwork.ffmpeg.org/project/ffmpeg/patch/20231013014959.536776-1-leo.izen%40gmail.com/
https://patchwork.ffmpeg.org/project/ffmpeg/patch/20231015004924.597746-1-leo.izen%40gmail.com/

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2023-46407

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company