FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking.
Metrics
Affected Vendors & Products
References
History
Tue, 03 Dec 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-120 |
Tue, 03 Dec 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Ffmpeg
Ffmpeg ffmpeg |
|
Weaknesses | CWE-190 | |
CPEs | cpe:2.3:a:ffmpeg:ffmpeg:6.1.1:*:*:*:*:*:*:* | |
Vendors & Products |
Ffmepg Project
Ffmepg Project ffmepg |
Ffmpeg
Ffmpeg ffmpeg |
Mon, 02 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Ffmepg Project
Ffmepg Project ffmepg |
|
Weaknesses | CWE-120 | |
CPEs | cpe:2.3:a:ffmepg_project:ffmepg:-:*:*:*:*:node.js:*:* | |
Vendors & Products |
Ffmepg Project
Ffmepg Project ffmepg |
|
Metrics |
cvssV3_1
|
Fri, 29 Nov 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-11-29T00:00:00
Updated: 2024-12-03T14:11:35.604Z
Reserved: 2024-05-17T00:00:00
Link: CVE-2024-35366
Vulnrichment
Updated: 2024-12-02T16:17:29.124Z
NVD
Status : Awaiting Analysis
Published: 2024-11-29T20:15:19.863
Modified: 2024-12-03T14:15:20.107
Link: CVE-2024-35366
Redhat
No data.