CVE-2023-6604 | THREATINT

Description

A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation.

PUBLISHED Reserved 2023-12-08 | Published 2025-01-06 | Updated 2025-11-03 | Assigner fedora

MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Problem types

Improper Control of Resource Identifiers ('Resource Injection')

Product status

Default status

unknown

2.0 (semver) before 6.*

affected

Timeline

2023-12-06:	Reported to Red Hat.
2024-02-26:	Made public.

References

lists.debian.org/debian-lts-announce/2025/07/msg00004.html

bugzilla.redhat.com/show_bug.cgi?id=2334337 (RHBZ#2334337) issue-tracking

cve.org (CVE-2023-6604)

nvd.nist.gov (CVE-2023-6604)

Download JSON