CVE-2021-30123

Summary

CVE	CVE-2021-30123
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-04-07 20:15:00 UTC
Updated	2023-11-07 03:32:00 UTC
Description	FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution.

Risk And Classification

Problem Types: CWE-120

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Ffmpeg	Ffmpeg	All	All	All	All
Application	Ffmpeg	Ffmpeg	4.4	All	All	All
Application	Ffmpeg	Ffmpeg	All	All	All	All

References

Reference	Source	Link	Tags
git.videolan.org Git - ffmpeg.git/commitdiff		git.videolan.org
FFmpeg: Multiple vulnerabilities (GLSA 202105-24) — Gentoo security	GENTOO	security.gentoo.org
git.videolan.org Git - ffmpeg.git/commitdiff	MISC	git.videolan.org
#8863 (null pointer reference) – FFmpeg	MISC	trac.ffmpeg.org
#8845 (A stack-buffer-overflow in FFmpeg JIT code) – FFmpeg	MISC	trac.ffmpeg.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

501846 Alpine Linux Security Update for ffmpeg
502282 Alpine Linux Security Update for ffmpeg4
504755 Alpine Linux Security Update for ffmpeg
504773 Alpine Linux Security Update for ffmpeg4
710092 Gentoo Linux FFmpeg Multiple vulnerabilities (GLSA 202105-24)