Alpine: multiple ffmpeg packages: security update to 6.1-r0

high Tenable Self-Hosted Container Security Plugin ID 408176

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size
variable in the read_vlc_prefix() function. (CVE-2023-46407)

- Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60
allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of
service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c (CVE-2023-47470)

See Also

https://security.alpinelinux.org/vuln/CVE-2023-46407

https://security.alpinelinux.org/vuln/CVE-2023-47470

Plugin Details

Severity: High

ID: 408176

Version: Revision 1.32

Type: Local

Published: 12/15/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-47470

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 10/27/2023

Reference Information

CVE: CVE-2023-46407, CVE-2023-47470