CVE-2023-39018 – net.bramp.ffmpeg:ffmpeg

Package

Manager: maven
Name: net.bramp.ffmpeg:ffmpeg
Vulnerable Version: <0

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: N/A

EPSS: 0.00096 pctl0.2766

Details

FFmpeg discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor> ## Withdrawn This advisory has been withdrawn because it has been found to be disputed. Please see the issue [here](https://github.com/bramp/ffmpeg-cli-wrapper/issues/291) for more information. ## Original Despcription FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. This vulnerability is exploited via passing an unchecked argument.

Metadata

Created: 2023-07-28T15:30:23Z
Modified: 2024-03-12T15:53:30Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-2jx3-fx5f-r2c6/GHSA-2jx3-fx5f-r2c6.json
CWE IDs: ["CWE-94"]
Alternative ID: GHSA-2jx3-fx5f-r2c6
Finding: N/A
Auto approve: 0