Buffer Overflow Vulnerability in FFmpeg 7.0 by FFmpeg
CVE-2024-32230

7.8HIGH

Key Information:

Vendor: Ffmpeg
Status: Ffmpeg
Vendor: CVE Published:; 1 July 2024

What is CVE-2024-32230?

The vulnerability identified in FFmpeg version 7.0 relates to a buffer overflow caused by a negative-size parameter error in the load_input_picture function located in the libavcodec/mpegvideo_enc.c source file. This flaw can lead to unexpected behavior when processing certain multimedia data, potentially allowing an attacker to exploit the oversight and execute arbitrary code or cause a denial of service. Proper mitigation strategies are essential to maintain the integrity and security of systems utilizing FFmpeg.

References

https://trac.ffmpeg.org/ticket/10952

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 1, 2024
Vulnerability Reserved
Apr 12, 2024

Ffmpeg

What is CVE-2024-32230?

References

CVSS V3.1

Timeline