FFmpeg: Info Leak on MP2 Parsing with Bad Section Length
CVE-2023-43555 Published on June 3, 2024

Buffer Over-read in Video
Information disclosure in Video while parsing mp2 clip with invalid section length.

NVD

Vulnerability Analysis

CVE-2023-43555 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity, and a small impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
NONE
Availability Impact:
LOW

Weakness Type

Buffer Over-read

The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. This typically occurs when the pointer or its index is incremented to a position beyond the bounds of the buffer or when pointer arithmetic results in a position outside of the valid memory location to name a few. This may result in exposure of sensitive information or possibly a crash.


Products Associated with CVE-2023-43555

Want to know whenever a new CVE is published for FFmpeg? stack.watch will email you.

FFmpeg
 

Affected Versions

Qualcomm, Inc. Snapdragon: qualcomm qam8295p_firmware: qualcomm fastconnect_6900_firmware: qualcomm fastconnect_7800_firmware: qualcomm msm8996au_firmware: qualcomm aqt1000_firmware: qualcomm fastconnect_6200_firmware: qualcomm fastconnect_6700_firmware: qualcomm fastconnect_6800_firmware: qualcomm qca6391_firmware: qualcomm qca6420_firmware: qualcomm qca6426_firmware: qualcomm qca6430_firmware: qualcomm qca6436_firmware: qualcomm qca6564a_firmware: qualcomm qca6564au_firmware: qualcomm qca6574a_firmware: qualcomm qca6574au_firmware: qualcomm qca6696_firmware: qualcomm qcm4325_firmware: qualcomm qcm4490_firmware: qualcomm qcm5430_firmware: qualcomm qcm6490_firmware: qualcomm qcm8550_firmware: qualcomm qcn9074_firmware: qualcomm qcs410_firmware: qualcomm qcs4490_firmware: qualcomm qcs5430_firmware: qualcomm qcs610_firmware: qualcomm qcs6490_firmware: qualcomm qcs7230_firmware: qualcomm qcs8250_firmware: qualcomm qcs8550_firmware: qualcomm_215_mobile_platform_firmware: qualcomm_video_collaboration_vc1_platform_firmware: qualcomm_video_collaboration_vc3_platform_firmware: qualcomm_video_collaboration_vc5_platform_firmware: qualcomm sa6145p_firmware: qualcomm sa6150p_firmware: qualcomm sa6155p_firmware: qualcomm sa8145p_firmware: qualcomm sa8150p_firmware: qualcomm sa8155p_firmware: qualcomm sa8195p_firmware: qualcomm sa8295p_firmware: qualcomm sd730_firmware: qualcomm sd855_firmware: qualcomm sd865_5g_firmware: qualcomm sd888_firmware: qualcomm sg4150p_firmware: qualcomm sm6250_firmware: qualcomm sm7250p_firmware: qualcomm sm7315_firmware: qualcomm sm7325p_firmware: qualcomm sm8550p_firmware: qualcomm snapdragon_4_gen_1_mobile_platform_firmware: qualcomm snapdragon_4_gen_2_mobile_platform_firmware: qualcomm snapdragon_460_mobile_platform_firmware: qualcomm snapdragon_480_5g_mobile_platform_firmware: qualcomm snapdragon_662_mobile_platform_firmware: qualcomm snapdragon_680_4g_mobile_platform_firmware: qualcomm snapdragon_690_5g_mobile_platform_firmware: qualcomm snapdragon_695_5g_mobile_platform_firmware: qualcomm snapdragon_720g_mobile_platform_firmware: qualcomm snapdragon_778g_5g_mobile_platform_firmware: qualcomm snapdragon_780g_5g_mobile_platform_firmware: qualcomm snapdragon_8_gen_1_mobile_platform_firmware: qualcomm snapdragon_8_gen_2_mobile_platform_firmware: qualcomm snapdragon_820_automotive_platform_firmware: qualcomm snapdragon_855_mobile_platform_firmware: qualcomm snapdragon_865_5g_mobile_platform_firmware: qualcomm snapdragon_888_5g_mobile_platform_firmware: qualcomm snapdragon_x55_5g_modem-rf_system_firmware: qualcomm snapdragon_xr2_5g_platform_firmware: qualcomm sw5100_firmware: qualcomm sw5100p_firmware: qualcomm sxr2130_firmware: qualcomm wcd9326_firmware: qualcomm wcd9341_firmware: qualcomm wcd9370_firmware: qualcomm wcd9375_firmware: qualcomm wcd9380_firmware: qualcomm wcd9385_firmware: qualcomm wcd9390_firmware: qualcomm wcd9395_firmware: qualcomm wcn3610_firmware: qualcomm wcn3615_firmware: qualcomm wcn3660b_firmware: qualcomm wcn3680b_firmware: qualcomm wcn3950_firmware: qualcomm wcn3980_firmware: qualcomm wcn3988_firmware: qualcomm wcn6740_firmware: qualcomm wsa8810_firmware: qualcomm wsa8815_firmware: qualcomm wsa8830_firmware: qualcomm wsa8832_firmware: qualcomm wsa8835_firmware: qualcomm wsa8840_firmware: qualcomm wsa8845_firmware: qualcomm wsa8845h_firmware:

Exploit Probability

EPSS
0.13%
Percentile
32.05%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.