8

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-49528

CVE-2023-49528: Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to...

Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-49528

CVE-2023-49528:

8

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability is a heap-based buffer overflow in af_dialoguenhance.c. The commit 2d9ed64859c9887d0504cd71dbd5b2c15e14251a fixes this vulnerability.

The patch modifies two functions: config_input and de_stereo.

In de_stereo, the memcpy operations were changed to use nb_samples (the minimum of s->overlap and s->in->nb_samples) instead of s->overlap for the size. This directly addresses the over-read mentioned in the vulnerability description (af_dialoguenhance.c:261:5). This makes de_stereo a vulnerable function.
In config_input, the buffer allocation size for several frames was changed from s->fft_size * 4 to (s->fft_size + 2) * 2. This suggests the original allocation might have been insufficient, potentially leading to issues when these buffers are used, including in de_stereo. While not the direct site of the over-read, incorrect buffer sizing can be a contributing factor to buffer overflows. Thus, config_input is also identified as a related function, though with medium confidence as the primary vulnerability lies in de_stereo.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

8

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-49528: Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to...

CVE-2023-49528:

8

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2023-49528: Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to...

8

8

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI