{"id":"CVE-2023-50010","details":"FFmpeg v.n6.1-3-g466799d4f5 allows a buffer over-read at ff_gradfun_blur_line_movdqa_sse2, as demonstrated by a call to the set_encoder_id function in /fftools/ffmpeg_enc.c component.","modified":"2026-04-16T04:34:36.997122431Z","published":"2024-04-19T17:15:52.127Z","related":["CGA-5gc9-qr6c-hg3j","SUSE-SU-2024:1592-1","SUSE-SU-2024:1593-1","SUSE-SU-2025:0862-1","openSUSE-SU-2024:13934-1","openSUSE-SU-2024:13940-1","openSUSE-SU-2025:14974-1","openSUSE-SU-2025:15012-1"],"references":[{"type":"WEB","url":"https://ffmpeg.org/"},{"type":"WEB","url":"https://git.ffmpeg.org/gitweb/ffmpeg.git/blobdiff/ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06..e4d2666bdc3dbd177a81bbf428654a5f2fa3787a:/libavfilter/vf_gradfun.c"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/"},{"type":"REPORT","url":"https://trac.ffmpeg.org/ticket/10702"},{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/e4d2666bdc3dbd177a81bbf428654a5f2fa3787a"},{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/e809c23786fe297797198a7b9f5d3392d581daf1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ffmpeg/ffmpeg","events":[{"introduced":"47ac3e60653da651dfa064b649d0ac297560d8d5"},{"fixed":"083443d67cb159ce469e5d902346b8d0c2cd1c93"},{"fixed":"e4d2666bdc3dbd177a81bbf428654a5f2fa3787a"},{"fixed":"e809c23786fe297797198a7b9f5d3392d581daf1"}],"database_specific":{"versions":[{"introduced":"6.1"},{"fixed":"7.0"}]}}],"versions":["n6.1","n6.1-dev","n6.2-dev"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"38"}]},{"events":[{"introduced":"0"},{"last_affected":"39"}]},{"events":[{"introduced":"0"},{"last_affected":"40"}]}],"vanir_signatures":[{"signature_version":"v1","source":"https://github.com/ffmpeg/ffmpeg/commit/e4d2666bdc3dbd177a81bbf428654a5f2fa3787a","id":"CVE-2023-50010-0b97f928","digest":{"threshold":0.9,"line_hashes":["117459925408390397938909038638097177126","20001850690654149390584934092369185131","33379236983939250762553738679828817855","112359146777007550932691475847209243648"]},"deprecated":false,"target":{"file":"libavfilter/vf_gradfun.c"},"signature_type":"Line"},{"signature_version":"v1","source":"https://github.com/ffmpeg/ffmpeg/commit/e809c23786fe297797198a7b9f5d3392d581daf1","id":"CVE-2023-50010-14a1c37f","digest":{"length":1719,"function_hash":"116069738728139430535001473723451908317"},"deprecated":false,"target":{"file":"libavfilter/vf_gradfun.c","function":"filter"},"signature_type":"Function"},{"target":{"file":"libavfilter/vf_gradfun.c"},"source":"https://github.com/ffmpeg/ffmpeg/commit/e809c23786fe297797198a7b9f5d3392d581daf1","id":"CVE-2023-50010-28f9d00d","digest":{"threshold":0.9,"line_hashes":["117459925408390397938909038638097177126","20001850690654149390584934092369185131","33379236983939250762553738679828817855","112359146777007550932691475847209243648"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"},{"signature_version":"v1","source":"https://github.com/ffmpeg/ffmpeg/commit/e4d2666bdc3dbd177a81bbf428654a5f2fa3787a","id":"CVE-2023-50010-4655444b","digest":{"length":1719,"function_hash":"116069738728139430535001473723451908317"},"deprecated":false,"target":{"function":"filter","file":"libavfilter/vf_gradfun.c"},"signature_type":"Function"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-50010.json","vanir_signatures_modified":"2026-04-12T06:44:56Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}