CVE-2023-47470

Summary

CVE-2023-47470 is a critical buffer overflow vulnerability affecting FFmpeg before the commit 4565747056a11356210ed8edcecb920105e40b60. This issue enables a remote attacker to write beyond the array bounds in the ref_pic_list_struct function located in libavcodec/evc_ps.c. By exploiting this flaw, an attacker can execute arbitrary code and induce a denial of service (DoS) scenario. This vulnerability poses a significant risk and requires immediate attention from FFmpeg users and maintainers. It is strongly recommended to apply the available patch or update to the latest version of FFmpeg to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.