CVE-2024-35369

MEDIUM

5.5

Beschreibung

In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in undefined behavior or crashes during the decoding process.

CVE Details

CVSS v3.1 Bewertung5.5

SchweregradMEDIUM

CVSS VektorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AngriffsvektorLOCAL

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionREQUIRED

Veroffentlicht11/29/2024

Zuletzt geandert6/3/2025

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

ffmpeg:ffmpeg

Schwachen (CWE)

CWE-190

Referenzen

https://gist.github.com/1047524396/455093807666f2e351d674750c8cd0b8(cve@mitre.org)

https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavcodec/speexdec.c#L1423(cve@mitre.org)

https://github.com/ffmpeg/ffmpeg/commit/0895ef0d6d6406ee6cd158fc4d47d80f201b8e9c(cve@mitre.org)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.