{"id":"MGASA-2024-0248","summary":"Updated ffmpeg packages fix security vulnerabilities","details":"Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a\nlocal attacker to execute arbitrary code via the set_encoder_id function\nin /fftools/ffmpeg_enc.c component. (CVE-2023-50010)\nBuffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a\nlocal attacker to execute arbitrary code via the\nlibavutil/imgutils.c:353:9 in image_copy_plane. (CVE-2023-51793)\nBuffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a\nlocal attacker to execute arbitrary code via the\nlibavfilter/af_stereowiden.c:120:69. (CVE-2023-51794)\nBuffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a\nlocal attacker to execute arbitrary code via the\nlibavfilter/avf_showspectrum.c:1789:52 component in\nshowspectrumpic_request_frame. (CVE-2023-51795)\nBuffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a\nlocal attacker to execute arbitrary code via a floating point exception\n(FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate.\n(CVE-2023-51798)\nFFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one\nError vulnerability in libavfilter/avf_showspectrum.c. This\nvulnerability allows attackers to cause a Denial of Service (DoS) via a\ncrafted input. (CVE-2024-31585)\n","modified":"2026-04-16T04:43:43.975065441Z","published":"2024-07-01T17:53:27Z","upstream":["CVE-2023-50010","CVE-2023-51793","CVE-2023-51794","CVE-2023-51795","CVE-2023-51798","CVE-2024-31585"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0248.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33338"},{"type":"WEB","url":"https://lists.debian.org/debian-security-announce/2024/msg00122.html"}],"affected":[{"package":{"name":"ffmpeg","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/ffmpeg?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1.5-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0248.json"}},{"package":{"name":"ffmpeg","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/ffmpeg?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1.5-1.mga9.tainted"}]}],"ecosystem_specific":{"section":"tainted"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0248.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}