Description
CVE-2023-6879
Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc().
Affected component
The vulnerability is in pkg:deb/debian/[email protected], detected by the github.com/l3montree-dev/devguard/cmd/devguard-scanner/container-scanning scan.
Recommended fix
No fix is available.
Risk: 0.69 (Low)
EPSS: 0.07 %
The exploit probability is very low. The vulnerability is unlikely to be exploited in the next 30 days.
Exploit: Not available
We did not find any exploit available, neither in GitHub repositories nor in the Exploit-Database. There are no script kiddies exploiting this vulnerability.
Vulnerability Depth: 6
The vulnerability is in a dependency of a dependency of your project. It is 6 levels deep.
CVSS-BE: 9.1
- Exploiting this vulnerability significantly impacts availability.
- Exploiting this vulnerability significantly impacts integrity.
- Exploiting this vulnerability significantly impacts confidentiality.
CVSS-B: 9.0
- The vulnerability can be exploited over the network without needing physical access.
- It is difficult for an attacker to exploit this vulnerability and may require special conditions.
- An attacker does not need any special privileges or access rights.
- No user interaction is needed for the attacker to exploit this vulnerability.
- The vulnerability can affect other systems as well, not just the initial system.
- There is a high impact on the confidentiality of the information.
- There is a high impact on the integrity of the data.
- There is a high impact on the availability of the system.
More details can be found in DevGuard
Slash Commands
You can use the following slash commands to interact with this vulnerability:
- /accept <Justification> or /a <Justification> - Accept the risk
- /false-positive <Justification> or /fp <Justification> - Mark the risk as false positive
- /reopen <Justification> or /r <Justification> - Reopen the risk
Risk exceeds predefined threshold