CVE-2023-51798: 
Ffmpeg vulnerability analysis and mitigation

A Buffer Overflow vulnerability was discovered in FFmpeg version N113007-g8d24a28d06, identified as CVE-2023-51798. The vulnerability was found in the minterpolate filter functionality, specifically at libavfilter/vf_minterpolate.c:1078:60 in the interpolate function. The issue was discovered by Zeng Yunxiang and was publicly disclosed in April 2024 (FFmpeg Ticket).

The vulnerability manifests as a floating point exception (FPE) error in the minterpolate filter component of FFmpeg. When processing certain input files through this filter, the application encounters a buffer overflow condition that can lead to a crash. The issue has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating significant potential impact (NVD).

The vulnerability allows a local attacker to execute arbitrary code through a floating point exception error. The high CVSS score indicates that successful exploitation could lead to complete compromise of the system's confidentiality, integrity, and availability when exploited by an attacker with local access (NVD).

Multiple Linux distributions have released patches to address this vulnerability. Ubuntu has issued fixes across multiple versions: 7:6.0-6ubuntu1.1 for version 23.10, 7:4.4.2-0ubuntu0.22.04.1+esm4 for version 22.04 LTS, 7:4.2.7-0ubuntu0.1+esm5 for version 20.04 LTS, and 7:3.4.11-0ubuntu0.1+esm5 for version 18.04 LTS (Ubuntu Security).