CVE-2023-47470

7.8 HIGH

📋 TL;DR

A buffer overflow vulnerability in FFmpeg's ref_pic_list_struct function allows remote attackers to write outside array bounds, potentially executing arbitrary code or causing denial of service. This affects systems processing EVC (Essential Video Coding) video streams with vulnerable FFmpeg versions. Attackers can exploit this by providing malicious video files.

💻 Affected Systems

Products:
  • FFmpeg
Versions: All versions before commit 4565747056a11356210ed8edcecb920105e40b60
Operating Systems: All platforms running FFmpeg
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when processing EVC (Essential Video Coding) video streams; other codecs are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the FFmpeg process, potentially leading to full system compromise if FFmpeg runs with elevated privileges.

🟠 Likely Case

Denial of service through application crashes when processing malicious video files, potentially disrupting media processing services.

🟢 If Mitigated

Limited impact if FFmpeg runs in sandboxed environments with minimal privileges and input validation is enforced.

🌐 Internet-Facing: MEDIUM - Exploitable via malicious video uploads to web services using FFmpeg, but requires specific EVC format processing.
🏢 Internal Only: LOW - Primarily affects media processing workflows; limited exposure in typical enterprise environments.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting malicious EVC video files; public reports and PoC exist in the referenced GitHub repository.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit 4565747056a11356210ed8edcecb920105e40b60

Vendor Advisory: https://github.com/FFmpeg/FFmpeg/commit/4565747056a11356210ed8edcecb920105e40b60

Restart Required: Yes

Instructions:

1. Update FFmpeg to a build that includes commit 4565747056a11356210ed8edcecb920105e40b60 or later.
2. Rebuild from source if using custom builds.
3. Restart all services using FFmpeg.

🔧 Temporary Workarounds

Disable EVC codec processing (platform: all)

Prevent FFmpeg from processing EVC video streams to block the exploitation vector.

  • Check whether your build includes the EVC codec: ffmpeg -codecs | grep evc
  • Reconfigure applications to reject EVC format inputs

Sandbox FFmpeg execution (platform: linux)

Run FFmpeg in containerized or restricted environments to limit exploit impact.

  • Example: docker run --security-opt no-new-privileges ffmpeg-container
  • Use seccomp profiles or AppArmor

🧯 If You Can't Patch

  • Implement strict input validation to reject untrusted video files
  • Deploy network segmentation to isolate FFmpeg processing systems
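An input gate for the "reject EVC format inputs" workaround and the "strict input validation" fallback above, as an added example that is not part of this advisory or of FFmpeg: it uses ffprobe to list the video codec of each stream and refuses any file that contains an evc stream. The ffprobe flags are standard; the file-path argument, script name and the way the gate is wired into an upload pipeline are assumptions.

```shell
# Added example, not from the advisory or from FFmpeg: reject inputs that
# carry an EVC stream before a vulnerable ffmpeg build ever opens them.

# Pure check so it can be tested without ffprobe: $1 is a newline-separated
# list of codec names as printed by "ffprobe ... -of csv=p=0".
# Returns 0 when no stream is EVC, 1 when at least one is.
codec_list_is_safe() {
    # -x matches the whole line, so "hevc" does not match "evc"
    if printf '%s\n' "$1" | grep -qx 'evc'; then
        return 1
    fi
    return 0
}

# Probe one file (path is an assumption) and decide whether ffmpeg may process it.
#   -v error            : print only real errors
#   -select_streams v   : video streams only; EVC is a video codec
#   -show_entries stream=codec_name -of csv=p=0 : one bare codec name per line
gate_input() {
    file="$1"
    if ! codecs=$(ffprobe -v error -select_streams v \
            -show_entries stream=codec_name -of csv=p=0 "$file" 2>/dev/null); then
        echo "REJECT $file: ffprobe could not parse the container" >&2
        return 1
    fi
    if codec_list_is_safe "$codecs"; then
        echo "ACCEPT $file"
        return 0
    fi
    echo "REJECT $file: contains an EVC stream (CVE-2023-47470)" >&2
    return 1
}

# Usage: sh gate.sh /path/to/upload.bin (script name is an assumption)
if [ "$#" -gt 0 ]; then
    gate_input "$1"
fi
```

ffprobe shares the demuxer and parser code with ffmpeg, so run the gate from a patched build or inside the sandbox described above. It only catches files whose container reports the codec, so it complements patching rather than replacing it.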

🔍 How to Verify

Check if Vulnerable:

Check FFmpeg version and commit hash: ffmpeg -version | grep -i 'version\|commit'

Check Version:

ffmpeg -version | head -1

Verify Fix Applied:

Verify that commit 4565747056a11356210ed8edcecb920105e40b60 is present in your FFmpeg source checkout: git log --oneline | grep 4565747056

📡 Detection & Monitoring

Log Indicators:

  • FFmpeg segmentation faults or abnormal termination when processing video files
  • Error messages referencing evc_ps.c or ref_pic_list_struct

Network Indicators:

  • Unusual uploads of EVC format video files to media processing services

SIEM Query:

source="*ffmpeg*" AND ("segmentation fault" OR "SIGSEGV" OR "evc_ps.c")
