{"id":"CVE-2023-50010","details":"FFmpeg v.n6.1-3-g466799d4f5 allows a buffer over-read at ff_gradfun_blur_line_movdqa_sse2, as demonstrated by a call to the set_encoder_id function in /fftools/ffmpeg_enc.c component.","modified":"2026-05-19T00:14:38.149130Z","published":"2024-04-19T00:00:00Z","related":["CGA-5gc9-qr6c-hg3j","SUSE-SU-2024:1592-1","SUSE-SU-2024:1593-1","SUSE-SU-2025:0862-1","openSUSE-SU-2024:13934-1","openSUSE-SU-2024:13940-1","openSUSE-SU-2025:14974-1","openSUSE-SU-2025:15012-1","openSUSE-SU-2026:20710-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/50xxx/CVE-2023-50010.json","cna_assigner":"mitre"},"references":[{"type":"WEB","url":"https://ffmpeg.org/"},{"type":"WEB","url":"https://git.ffmpeg.org/gitweb/ffmpeg.git/blobdiff/ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06..e4d2666bdc3dbd177a81bbf428654a5f2fa3787a:/libavfilter/vf_gradfun.c"},{"type":"WEB","url":"https://trac.ffmpeg.org/ticket/10702"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/50xxx/CVE-2023-50010.json"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50010"},{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/e4d2666bdc3dbd177a81bbf428654a5f2fa3787a"},{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/e809c23786fe297797198a7b9f5d3392d581daf1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.ffmpeg.org/ffmpeg.git","events":[{"introduced":"47ac3e60653da651dfa064b649d0ac297560d8d5"},{"fixed":"083443d67cb159ce469e5d902346b8d0c2cd1c93"}],"database_specific":{"extracted_events":[{"introduced":"6.1"},{"fixed":"7.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*"}}],"versions":["n6.2-dev","n6.1-dev"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-50010.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/ffmpeg/ffmpeg","events":[{"introduced":"47ac3e60653da651dfa064b649d0ac297560d8d5"},{"fixed":"083443d67cb159ce469e5d902346b8d0c2cd1c93"},{"fixed":"e4d2666bdc3dbd177a81bbf428654a5f2fa3787a"},{"fixed":"e809c23786fe297797198a7b9f5d3392d581daf1"}],"database_specific":{"extracted_events":[{"introduced":"6.1"},{"fixed":"7.0"}],"source":["CPE_FIELD","REFERENCES"],"cpe":"cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*"}}],"versions":["n6.1","n6.2-dev","n6.1-dev"],"database_specific":{"vanir_signatures_modified":"2026-05-19T00:14:38Z","vanir_signatures":[{"signature_type":"Line","signature_version":"v1","target":{"file":"libavfilter/vf_gradfun.c"},"deprecated":false,"source":"https://github.com/ffmpeg/ffmpeg/commit/e4d2666bdc3dbd177a81bbf428654a5f2fa3787a","id":"CVE-2023-50010-0b97f928","digest":{"line_hashes":["117459925408390397938909038638097177126","20001850690654149390584934092369185131","33379236983939250762553738679828817855","112359146777007550932691475847209243648"],"threshold":0.9}},{"signature_type":"Function","signature_version":"v1","target":{"function":"filter","file":"libavfilter/vf_gradfun.c"},"deprecated":false,"source":"https://github.com/ffmpeg/ffmpeg/commit/e809c23786fe297797198a7b9f5d3392d581daf1","id":"CVE-2023-50010-14a1c37f","digest":{"length":1719,"function_hash":"116069738728139430535001473723451908317"}},{"signature_type":"Line","signature_version":"v1","target":{"file":"libavfilter/vf_gradfun.c"},"deprecated":false,"source":"https://github.com/ffmpeg/ffmpeg/commit/e809c23786fe297797198a7b9f5d3392d581daf1","id":"CVE-2023-50010-28f9d00d","digest":{"line_hashes":["117459925408390397938909038638097177126","20001850690654149390584934092369185131","33379236983939250762553738679828817855","112359146777007550932691475847209243648"],"threshold":0.9}},{"signature_type":"Function","signature_version":"v1","target":{"function":"filter","file":"libavfilter/vf_gradfun.c"},"deprecated":false,"source":"https://github.com/ffmpeg/ffmpeg/commit/e4d2666bdc3dbd177a81bbf428654a5f2fa3787a","id":"CVE-2023-50010-4655444b","digest":{"length":1719,"function_hash":"116069738728139430535001473723451908317"}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-50010.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}