Home > Vulnerability Database > CVE-2024-35366

Mend.io Vulnerability Database

CVE-2024-35366

Date: November 28, 2024

FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking.

Language: C

Severity Score

9.1

Related Resources (6)

Url: https://gist.github.com/1047524396/1e72f170d58c2547ebd4db4cdf6cfabf

Url: https://github.com/ffmpeg/ffmpeg/commit/0bed22d597b78999151e3bde0768b7fe763fc2a6

Url: https://security-tracker.debian.org/tracker/CVE-2024-35366

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-35366

Url: https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/sbgdec.c#L389

Url: https://www.mend.io/vulnerability-database/CVE-2024-35366

Severity Score

9.1

Weakness Type (CWE)

Integer Overflow or Wraparound

CWE-190

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-120

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-35366

Date: November 28, 2024

Language: C

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?