{"id":"CVE-2023-39018","details":"FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.\u003cconstructor\u003e. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple third parties because there are no realistic use cases in which FFmpeg.java uses untrusted input for the path of the executable file.","modified":"2026-03-14T12:08:32.249610Z","published":"2023-07-28T15:15:13.227Z","references":[{"type":"WEB","url":"https://github.com/bramp/ffmpeg-cli-wrapper/blob/master/src/main/java/net/bramp/ffmpeg/FFmpeg.java"},{"type":"FIX","url":"https://github.com/bramp/ffmpeg-cli-wrapper/issues/291"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bramp/ffmpeg-cli-wrapper","events":[{"introduced":"0"},{"last_affected":"577a8daa7d18735f7ada321d3f40bf984426332e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.7.0"}]}}],"versions":["ffmpeg-0.1","ffmpeg-0.2","ffmpeg-0.3","ffmpeg-0.4","ffmpeg-0.5","ffmpeg-0.6","ffmpeg-0.6.1","ffmpeg-0.6.2","ffmpeg-0.7.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-39018.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}