vulnerability

FFmpeg: CVE-2023-39018: Improper Control of Generation of Code ('Code Injection')

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	2023-07-28	2023-08-08	2025-01-28

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

2023-07-28

Added

2023-08-08

Modified

2025-01-28

Description

FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple third parties because there are no realistic use cases in which FFmpeg.java uses untrusted input for the path of the executable file.

Solution

misc-no-solution-exists

References

CVE-2023-39018
https://attackerkb.com/topics/CVE-2023-39018

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today