{"id":"CVE-2023-50008","details":"FFmpeg v.n6.1-3-g466799d4f5 allows memory consumption when using the colorcorrect filter, in the av_malloc function in libavutil/mem.c:105:9 component.","modified":"2026-04-02T09:41:58.770025Z","published":"2024-04-19T17:15:52.013Z","related":["CGA-5vg2-7w9q-2cmf","MGASA-2025-0306","openSUSE-SU-2024:13908-1","openSUSE-SU-2024:13909-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/"},{"type":"REPORT","url":"https://trac.ffmpeg.org/ticket/10701"},{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/5f87a68cf70dafeab2fb89b42e41a4c29053b89b"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ffmpeg/ffmpeg","events":[{"introduced":"47ac3e60653da651dfa064b649d0ac297560d8d5"},{"fixed":"083443d67cb159ce469e5d902346b8d0c2cd1c93"},{"fixed":"5f87a68cf70dafeab2fb89b42e41a4c29053b89b"}],"database_specific":{"versions":[{"introduced":"6.1"},{"fixed":"7.0"}]}}],"versions":["n6.1","n6.1-dev","n6.1.1","n6.1.2","n6.1.3","n6.1.4","n6.2-dev"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-50008.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"38"}]},{"events":[{"introduced":"0"},{"last_affected":"39"}]},{"events":[{"introduced":"0"},{"last_affected":"40"}]}],"vanir_signatures":[{"id":"CVE-2023-50008-95e484ce","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["98555403433798246575735873771619166600","189040882911503309882936863592120346608","337161758992542568702144093064830058557","56860232798018415541599820424252216100"]},"target":{"file":"libavfilter/vf_colorcorrect.c"},"signature_type":"Line","deprecated":false,"source":"https://github.com/ffmpeg/ffmpeg/commit/5f87a68cf70dafeab2fb89b42e41a4c29053b89b"},{"id":"CVE-2023-50008-aa39fc9a","signature_version":"v1","digest":{"function_hash":"180839052145130517998434502743485969331","length":108},"target":{"function":"uninit","file":"libavfilter/vf_colorcorrect.c"},"signature_type":"Function","deprecated":false,"source":"https://github.com/ffmpeg/ffmpeg/commit/5f87a68cf70dafeab2fb89b42e41a4c29053b89b"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}