Integer Overflow Vulnerability in FFmpeg 6.1.1 from FFmpeg
CVE-2024-35366
Currently unrated
What is CVE-2024-35366?
The integer overflow vulnerability in FFmpeg version 6.1.1 occurs in the parse_options function in sbgdec.c, part of the libavformat module. The function does not properly validate options during parsing and accepts negative duration values without adequate bounds checking. Malicious actors can exploit this oversight to manipulate program behavior, potentially leading to unexpected results or security breaches.
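The following added example illustrates the class of check the description says is missing; it is not FFmpeg's code or the upstream fix. The function names, the seconds-to-microseconds scaling and the sample inputs are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define TIME_BASE 1000000LL /* assumed unit: microseconds per second */

/* Unchecked: a negative value passes straight through, and a large one
 * overflows the multiplication (undefined behaviour for signed types). */
static int64_t duration_unchecked(const char *s)
{
    return strtoll(s, NULL, 10) * TIME_BASE;
}

/* Checked: returns the duration in microseconds (>= 0), or -1 when the
 * text is malformed, negative, or too large to scale without overflow. */
static int64_t duration_checked(const char *s)
{
    char *end;
    long long secs;

    errno = 0;
    secs = strtoll(s, &end, 10);
    if (end == s || *end != '\0')      /* empty input or trailing junk */
        return -1;
    if (errno == ERANGE)               /* value did not fit in long long */
        return -1;
    if (secs < 0)                      /* negative durations are rejected */
        return -1;
    if (secs > INT64_MAX / TIME_BASE)  /* product would exceed INT64_MAX */
        return -1;
    return (int64_t)secs * TIME_BASE;
}

int main(void)
{
    /* Constructed sample inputs, not taken from any real input file. */
    const char *samples[] = { "10", "-5", "12abc", "9223372036855" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-14s -> %lld\n", samples[i],
               (long long)duration_checked(samples[i]));
    printf("unchecked -5   -> %lld\n", (long long)duration_unchecked("-5"));
    return 0;
}
```

The range test runs before the multiplication, so the overflow never happens; checking the product afterwards would be too late because signed overflow is already undefined at that point.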