CVE-2024-35366

Published: 11/29/2024 Last updated: 12/3/2024 Reserved: 5/17/2024

FFmpeg n6.1.1 contains an integer overflow vulnerability in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input, which allows negative duration values to be accepted without proper bounds checking.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Metrics

| Version | Score | Severity | Vector String |
|---------|-------|----------|---------------|
| 3.1 | 9.1 | Critical | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |

Opam packages affected (3)

conf-ffmpeg ffmpeg opus

Products affected (1)

| Product | Vendor | Version |
|---------|--------|---------|
| n/a | n/a | < 10.0.14393.7699 |

References (3)