FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers to cause undefined behavior within the application.
The vulnerability results from lack of proper verification of the index value before using it to access an array element in the code handling H.266/VVC syntax. An attacker can provide specially crafted input data (e.g., malicious media file) that leads to reading or writing outside array bounds. This results in undefined behavior of the application, which can be further exploited.
An attacker can cause undefined behavior in the application, potentially resulting in data disclosure, integrity violation, or denial of service — high impact on system confidentiality, integrity, and availability.
FFmpeg should be updated to version n6.1.1 or later, in which the bug has been fixed (commit ce0c178a408d43e71085c28a47d50dc939b60196). Fedora distribution users should apply package updates according to announcements published on Fedora mailing lists.
FFmpeg in version n6.1 and Fedora distributions containing this version of FFmpeg package
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFedora Project Fedora
OSFedoraproject383940Ffmpeg
APPFfmpeg6.1
Related vulnerabilities
PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit
Type Confusion w V8 (Google Chrome) — RCE przez spreparowaną stronę HTML
Type Confusion w silniku V8 Chrome — zdalne wykonanie kodu (RCE)
Use-after-free w Google Chrome Visuals umożliwiający ucieczkę z sandbox
Integer overflow w Skia w Google Chrome — sandbox escape