CVE-2023-39018
CVSS v3.1
9.8 (Critical)
EPSS
0.16 % (53th)
Affected Products
1
Advisories
1
NVD Status
Modified
FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple third parties because there are no realistic use cases in which FFmpeg.java uses untrusted input for the path of the executable file.
Weaknesses
- CWE-94
- Improper Control of Generation of Code ('Code Injection')
- CVE Status
- PUBLISHED
- NVD Status
- Modified
- CNA
- MITRE
- Published Date
-
2023-07-28 15:15:13
(13 months ago) - Updated Date
-
2024-08-02 18:16:00
(6 weeks ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...