CVE-2023-6604

MEDIUM

5.3

Description

A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation.

CVE Details

CVSS v3.1 Score5.3

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published1/6/2025

Last Modified11/3/2025

Sourcenvd

Honeypot Sightings0

Affected Products

ffmpeg:ffmpeg

Weaknesses (CWE)

CWE-99CWE-94

References

https://bugzilla.redhat.com/show_bug.cgi?id=2334337(patrick@puiterwijk.org)

https://lists.debian.org/debian-lts-announce/2025/07/msg00004.html(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.