CVE-2024-35366

EUVD-2024-35744
FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CISA-ADPADP
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
Affected Products (NVD)
VendorProductVersion
ffmpegffmpeg
6.1.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ffmpeg
bookworm
7:5.1.7-0+deb12u1
fixed
bookworm (security)
7:5.1.8-0+deb12u1
fixed
bullseye
7:4.3.7-0+deb11u1
fixed
bullseye (security)
7:4.3.9-0+deb11u1
fixed
forky
7:8.0.1-2
fixed
sid
7:8.0.1-3
fixed
trixie
7:7.1.2-0+deb13u1
fixed
trixie (security)
7:7.1.3-0+deb13u1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libav
focal
dne
jammy
dne
noble
dne
oracular
dne
plucky
dne
questing
dne
trusty
needs-triage
ffmpeg
bionic
Fixed 7:3.4.11-0ubuntu0.1+esm10
released
focal
Fixed 7:4.2.7-0ubuntu0.1+esm10
released
jammy
Fixed 7:4.4.2-0ubuntu0.22.04.1+esm9
released
noble
Fixed 7:6.1.1-3ubuntu5+esm5
released
oracular
not-affected
plucky
not-affected
questing
not-affected
xenial
Fixed 7:2.8.17-0ubuntu0.1+esm12
released
Common Weakness Enumeration
References
https://gist.github.com/1047524396/1e72f170d58c2547ebd4db4cdf6cfabf
https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/sbgdec.c#L389
https://github.com/ffmpeg/ffmpeg/commit/0bed22d597b78999151e3bde0768b7fe763fc2a6