Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS0yangzLWZ4NWYtcjJjNs4AA07-

FFmpeg discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>

Withdrawn

This advisory has been withdrawn because it has been found to be disputed. Please see the issue here for more information.

Original Description

FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. This vulnerability is exploited via passing an unchecked argument.

Permalink: https://github.com/advisories/GHSA-2jx3-fx5f-r2c6
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yangzLWZ4NWYtcjJjNs4AA07-
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: 9 months ago
Updated: about 1 month ago

Withdrawn: about 1 month ago

CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-2jx3-fx5f-r2c6, CVE-2023-39018
References: Repository: https://github.com/bramp/ffmpeg-cli-wrapper
Blast Radius: 22.0

Affected Packages

maven:net.bramp.ffmpeg:ffmpeg
Dependent packages: 5
Dependent repositories: 174
Downloads:
Affected Version Ranges: <= 0.7.0
No known fixed version
All affected versions: 0.6.1, 0.6.2, 0.7.0