CVE-2021-30123

Published on: 04/07/2021 12:00:00 AM UTC

Last Modified on: 04/13/2021 06:24:00 PM UTC

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Certain versions of FFmpeg contain the following vulnerability:

FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution.

  • CVE-2021-30123 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 8.8 - HIGH

Attack Vector | Attack Complexity | Privileges Required | User Interaction
NETWORK | LOW | NONE | REQUIRED

Scope | Confidentiality Impact | Integrity Impact | Availability Impact
UNCHANGED | HIGH | HIGH | HIGH

CVSS2 Score: 6.8 - MEDIUM

Access Vector | Access Complexity | Authentication
NETWORK | MEDIUM | NONE

Confidentiality Impact | Integrity Impact | Availability Impact
PARTIAL | PARTIAL | PARTIAL

CVE References

Description | Tags | Link
Git - ffmpeg.git/commitdiff | MISC | git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f
#8863 (null pointer reference) – FFmpeg | MISC | trac.ffmpeg.org/ticket/8863
#8845 (A stack-buffer-overflow in FFmpeg JIT code) – FFmpeg | MISC | trac.ffmpeg.org/ticket/8845

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Application | Ffmpeg | Ffmpeg | All | All | All | All
  • cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*

Social Mentions

Source | Title | Posted (UTC)
Twitter (@CVEreport) | CVE-2021-30123 : FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that ma… twitter.com/i/web/status/1… | 2021-04-07 20:03:57