CVE-2024-35366

FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
mitreCNA
---
---
CISA-ADPADP
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
VendorProductVersion
ffmpegffmpeg
6.1.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ffmpeg
bullseye
7:4.3.7-0+deb11u1
fixed
bullseye (security)
7:4.3.9-0+deb11u1
fixed
bookworm
7:5.1.7-0+deb12u1
fixed
bookworm (security)
7:5.1.7-0+deb12u1
fixed
trixie (security)
7:7.1.2-0+deb13u1
fixed
trixie
7:7.1.2-0+deb13u1
fixed
forky
7:7.1.3-1
fixed
sid
7:7.1.3-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libav
questing
dne
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
trusty
needs-triage
ffmpeg
questing
not-affected
plucky
not-affected
oracular
not-affected
noble
Fixed 7:6.1.1-3ubuntu5+esm5
released
jammy
Fixed 7:4.4.2-0ubuntu0.22.04.1+esm9
released
focal
Fixed 7:4.2.7-0ubuntu0.1+esm10
released
bionic
Fixed 7:3.4.11-0ubuntu0.1+esm10
released
xenial
Fixed 7:2.8.17-0ubuntu0.1+esm12
released
Common Weakness Enumeration
References
https://gist.github.com/1047524396/1e72f170d58c2547ebd4db4cdf6cfabf
https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/sbgdec.c#L389
https://github.com/ffmpeg/ffmpeg/commit/0bed22d597b78999151e3bde0768b7fe763fc2a6