CVE-2023-51798

7.8 HIGH

📋 TL;DR

This CVE describes a buffer overflow vulnerability in FFmpeg's minterpolate filter that allows a local attacker to execute arbitrary code via a floating point exception. The vulnerability affects FFmpeg versions around v.N113007-g8d24a28d06 and requires local access to exploit. Systems using FFmpeg for video processing are potentially affected.

💻 Affected Systems

Products:
  • FFmpeg
Versions: Version v.N113007-g8d24a28d06 and likely surrounding versions
Operating Systems: Linux, Windows, macOS - any OS running vulnerable FFmpeg
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using the minterpolate filter. The vulnerability is triggered at libavfilter/vf_minterpolate.c:1078:60 during interpolation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attacker gains full system control and executes arbitrary code with the privileges of the FFmpeg process, potentially leading to complete system compromise.

🟠 Likely Case

Local attacker with limited privileges escalates to higher privileges or executes malicious code within the FFmpeg process context.

🟢 If Mitigated

Attack fails due to proper privilege separation, sandboxing, or the process running with minimal privileges.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring access to the system to exploit.
🏢 Internal Only: MEDIUM - Internal users with local access could exploit this, but requires specific conditions and FFmpeg usage.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and triggering of the specific floating point exception in the minterpolate filter. The CWE-120 (Buffer Copy without Checking Size of Input) classification suggests classic buffer overflow exploitation patterns.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in FFmpeg git repository (commit not specified in CVE references)

Vendor Advisory: https://trac.ffmpeg.org/ticket/10758

Restart Required: No

Instructions:

1. Update FFmpeg to the latest version from the official repository.
2. For package managers: use the system update commands (apt update && apt upgrade ffmpeg on Debian/Ubuntu, yum update ffmpeg on RHEL/CentOS).
3. Recompile from source using the latest git commit if using custom builds.

🔧 Temporary Workarounds

Disable minterpolate filter (all platforms)

Prevent usage of the vulnerable filter by removing or disabling it in FFmpeg configurations:

# Modify FFmpeg configurations to avoid -vf minterpolate or similar filter usage

Run FFmpeg with reduced privileges (linux)

Execute FFmpeg with the minimal necessary permissions using privilege separation:

sudo -u nobody ffmpeg [options]
# Or create a dedicated low-privilege user for FFmpeg processing

🧯 If You Can't Patch

  • Implement strict input validation and sanitization for all FFmpeg inputs
  • Isolate FFmpeg processing in containers or VMs with no network access

🔍 How to Verify

Check if Vulnerable:

Check the FFmpeg version with ffmpeg -version | grep 'version' and compare it against the vulnerable version v.N113007-g8d24a28d06.

Check Version:

ffmpeg -version | head -1

Verify Fix Applied:

Verify that the updated build no longer contains the vulnerable code: ffmpeg -version should show a version newer than v.N113007-g8d24a28d06.
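An added shell helper (not part of this advisory) that applies the version comparison above and additionally checks whether the installed binary exposes the minterpolate filter at all. It parses the first line of ffmpeg -version (git builds print a counter of the form N-113007-g...) and the ffmpeg -filters listing; treating builds at or below counter 113007 as potentially vulnerable is an assumption taken from the advisory's version string, since the fixing commit is not named.

```shell
#!/bin/sh
# Added example, not code from the advisory or from FFmpeg.
# Threshold is the build counter from the advisory's version string
# (v.N113007-g8d24a28d06); "at or below = vulnerable" is an assumption.
VULN_BUILD=113007

# Extract the git commit counter N from a version line such as
#   "ffmpeg version N-113007-g8d24a28d06 Copyright (c) 2000-2023 ..."
# Prints nothing for release builds (e.g. "ffmpeg version 6.1").
ffmpeg_build_number() {
    printf '%s\n' "$1" | sed -n 's/^ffmpeg version N-\([0-9][0-9]*\)-g[0-9a-f]*.*/\1/p'
}

# True (exit 0) if the version line is a git build at or below VULN_BUILD.
ffmpeg_version_vulnerable() {
    n=$(ffmpeg_build_number "$1")
    [ -n "$n" ] && [ "$n" -le "$VULN_BUILD" ]
}

# True (exit 0) if an `ffmpeg -filters` listing (passed as one string)
# contains the minterpolate filter. Lines look like:
#   " ... minterpolate      V->V       Frame rate conversion ..."
ffmpeg_has_minterpolate() {
    printf '%s\n' "$1" | grep -q '^ *[A-Z.]* *minterpolate '
}

# Live check against the installed binary, if present.
# Exit 1 = potentially vulnerable, 0 = not matched, 2 = ffmpeg missing.
check_installed_ffmpeg() {
    command -v ffmpeg >/dev/null 2>&1 || { echo "ffmpeg not installed"; return 2; }
    ver=$(ffmpeg -version 2>/dev/null | head -1)
    filters=$(ffmpeg -hide_banner -filters 2>/dev/null)
    if ffmpeg_version_vulnerable "$ver" && ffmpeg_has_minterpolate "$filters"; then
        echo "POTENTIALLY VULNERABLE: $ver"
        return 1
    fi
    echo "not matched: $ver"
    return 0
}

# Run the live check only when invoked as: sh check.sh --check
if [ "${1:-}" = "--check" ]; then
    check_installed_ffmpeg
fi
```

Release builds (no N- counter) are reported as "not matched" because the advisory only names a git build; confirm those separately against the distribution's changelog.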

📡 Detection & Monitoring

Log Indicators:

  • FFmpeg crashes with floating point exceptions
  • Unexpected FFmpeg process termination
  • Core dumps from FFmpeg processes

Network Indicators:

  • N/A - local vulnerability

SIEM Query:

process.name:"ffmpeg" AND (event.action:"crashed" OR exit_code:"SIGFPE")
