CVE-2024-35366

CRITICAL

9.1

Descricao

FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking.

Detalhes CVE

Pontuacao CVSS v3.19.1

SeveridadeCRITICAL

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado11/29/2024

Ultima modificacao6/3/2025

Fontenvd

Avistamentos honeypot0

Produtos afetados

ffmpeg:ffmpeg

Fraquezas (CWE)

CWE-190

Referencias

https://gist.github.com/1047524396/1e72f170d58c2547ebd4db4cdf6cfabf(cve@mitre.org)

https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/sbgdec.c#L389(cve@mitre.org)

https://github.com/ffmpeg/ffmpeg/commit/0bed22d597b78999151e3bde0768b7fe763fc2a6(cve@mitre.org)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.