FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking.
History

Tue, 03 Dec 2024 14:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120

Tue, 03 Dec 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Ffmpeg
Ffmpeg ffmpeg
Weaknesses CWE-190
CPEs cpe:2.3:a:ffmepg_project:ffmepg:-:*:*:*:*:node.js:*:* cpe:2.3:a:ffmpeg:ffmpeg:6.1.1:*:*:*:*:*:*:*
Vendors & Products Ffmepg Project
Ffmepg Project ffmepg
Ffmpeg
Ffmpeg ffmpeg

Mon, 02 Dec 2024 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Ffmepg Project
Ffmepg Project ffmepg
Weaknesses CWE-120
CPEs cpe:2.3:a:ffmepg_project:ffmepg:-:*:*:*:*:node.js:*:*
Vendors & Products Ffmepg Project
Ffmepg Project ffmepg
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 29 Nov 2024 20:15:00 +0000

Type Values Removed Values Added
Description FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-11-29T00:00:00

Updated: 2024-12-03T14:11:35.604Z

Reserved: 2024-05-17T00:00:00

Link: CVE-2024-35366

cve-icon Vulnrichment

Updated: 2024-12-02T16:17:29.124Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-29T20:15:19.863

Modified: 2024-12-03T14:15:20.107

Link: CVE-2024-35366

cve-icon Redhat

No data.