Skip to main content

CVE-2023-50010: n/a in n/a

High
VulnerabilityCVE-2023-50010cvecve-2023-50010
Published: Fri Apr 19 2024 (04/19/2024, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: n/a
Product: n/a

Description

FFmpeg v.n6.1-3-g466799d4f5 allows a buffer over-read at ff_gradfun_blur_line_movdqa_sse2, as demonstrated by a call to the set_encoder_id function in /fftools/ffmpeg_enc.c component.

AI-Powered Analysis

AILast updated: 07/07/2025, 19:41:26 UTC

Technical Analysis

CVE-2023-50010 is a high-severity buffer over-read vulnerability identified in FFmpeg, specifically in the function ff_gradfun_blur_line_movdqa_sse2, which is part of the video processing routines. The vulnerability is triggered via a call to the set_encoder_id function located in fftools/ffmpeg_enc.c. Buffer over-read issues occur when a program reads more data than the buffer's allocated size, potentially leading to information disclosure, application crashes, or arbitrary code execution depending on the context. In this case, the vulnerability affects FFmpeg versions around the commit identified as v.n6.1-3-g466799d4f5. The CVSS 3.1 score of 7.8 indicates a high severity, with the attack vector being local (AV:L), requiring low attack complexity (AC:L), and low privileges (PR:L), but no user interaction (UI:N). The impact on confidentiality, integrity, and availability is rated high (C:H/I:H/A:H), meaning exploitation could lead to significant compromise of system security. The vulnerability is classified under CWE-120 (Classic Buffer Overflow), which is a common and dangerous class of memory corruption bugs. No public exploits are currently known, and no patches have been linked yet, indicating that mitigation may require monitoring for official updates from FFmpeg. Given FFmpeg's widespread use in multimedia processing, streaming services, and embedded devices, this vulnerability could be exploited by local users or processes to escalate privileges or cause denial of service.

Potential Impact

For European organizations, the impact of CVE-2023-50010 can be substantial due to FFmpeg's extensive use in media-related applications, content delivery networks, broadcasting, and video conferencing platforms. Exploitation could lead to unauthorized access to sensitive media data, disruption of multimedia services, or compromise of systems that rely on FFmpeg for encoding and decoding tasks. Industries such as media production, telecommunications, and any enterprise using video processing pipelines are at risk. The local attack vector suggests that attackers need some level of access to the target system, which could be achieved through compromised user accounts or malicious insiders. The high impact on confidentiality, integrity, and availability means that successful exploitation could result in data leaks, corrupted media content, or service outages, potentially affecting compliance with data protection regulations like GDPR. Additionally, embedded devices and IoT products using FFmpeg in Europe may be vulnerable, increasing the attack surface.

Mitigation Recommendations

European organizations should implement the following specific mitigations: 1) Inventory all systems and applications using FFmpeg, including embedded devices and third-party software that bundles FFmpeg libraries. 2) Restrict local access to systems running vulnerable FFmpeg versions by enforcing strict user privilege management and monitoring for unusual local activity. 3) Employ application whitelisting and sandboxing techniques to limit the impact of potential exploitation. 4) Monitor vendor channels and security advisories for official patches or updates addressing CVE-2023-50010 and apply them promptly once available. 5) Use runtime protection tools such as memory safety mitigations (e.g., ASLR, DEP) and exploit detection systems to reduce the risk of buffer over-read exploitation. 6) Conduct security testing and code audits on custom FFmpeg integrations to identify and remediate unsafe usage patterns. 7) For critical multimedia infrastructure, consider isolating FFmpeg processing in dedicated environments to contain potential compromises.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
mitre
Date Reserved
2023-12-04T00:00:00.000Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 6842ede271f4d251b5c8819b

Added to database: 6/6/2025, 1:32:18 PM

Last enriched: 7/7/2025, 7:41:26 PM

Last updated: 8/15/2025, 2:40:53 AM

Views: 13

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats