CVE-2023-6879

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 27, 2023
Updated: Feb 2, 2024
CWE ID 787
CWE ID 20

Summary

CVE-2023-6879 is a newly discovered vulnerability affecting the AOM-AV1 video codec. The issue arises during multi-threaded encode operations when increasing the resolution of video frames. This can result in a heap overflow in the av1_loop_restoration_dealloc() function, potentially leading to arbitrary code execution and security breaches. Exploitation of this vulnerability could allow an attacker to gain control over an affected system or network. Organizations are advised to apply patches or updates as soon as they become available to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Fedora Operating System

Affected Vendors

  • Fedora Project