FFmpeg
cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*
- 8.0
A vulnerability allowing integer overflow has been identified in FFmpeg version 8.0. This issue arises in the 'yuv2ya16_X_c_template' function within 'libswscale/output.c'. The overflow occurs during the processing of pixel values, which can lead to undefined behavior when converting colors from YUV to YA16 formats. The problem stems from the multiplication of pixel values and filter coefficients, which can exceed the limits of signed integers, potentially causing memory corruption or other unintended effects.
Exploitation of this vulnerability can lead to memory corruption, causing undefined behavior in the application. Such issues can often be exploited to execute arbitrary code or cause a crash.
Users can upgrade to FFmpeg versions 8.0.1, 7.1.2, or 7.0.3, where this vulnerability has been fixed.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.