Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0yangzLWZ4NWYtcjJjNs4AA07-
FFmpeg discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>
Withdrawn
This advisory has been withdrawn because it has been found to be disputed. Please see the issue here for more information.
Original Description
FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. This vulnerability is exploited via passing an unchecked argument.
Permalink: https://github.com/advisories/GHSA-2jx3-fx5f-r2c6
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yangzLWZ4NWYtcjJjNs4AA07-
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: 12 months ago
Updated: 5 months ago
Withdrawn: 5 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-2jx3-fx5f-r2c6, CVE-2023-39018
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-39018
- https://github.com/bramp/ffmpeg-cli-wrapper/issues/291
- https://github.com/bramp/ffmpeg-cli-wrapper/blob/master/src/main/java/net/bramp/ffmpeg/FFmpeg.java
- https://github.com/advisories/GHSA-2jx3-fx5f-r2c6
Blast Radius: 22.0
Affected Packages
maven:net.bramp.ffmpeg:ffmpeg
Dependent packages: 5
Dependent repositories: 174
Downloads:
Affected Version Ranges: <= 0.7.0
No known fixed version
All affected versions: 0.6.1, 0.6.2, 0.7.0