Home > Vulnerability Database > CVE-2024-35369

Mend.io Vulnerability Database

CVE-2024-35369

Date: November 28, 2024

In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in undefined behavior or crashes during the decoding process.

Language: C

Severity Score

5.5

Related Resources (6)

Url: https://github.com/ffmpeg/ffmpeg/commit/0895ef0d6d6406ee6cd158fc4d47d80f201b8e9c

Url: https://security-tracker.debian.org/tracker/CVE-2024-35369

Url: https://gist.github.com/1047524396/455093807666f2e351d674750c8cd0b8

Url: https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavcodec/speexdec.c#L1423

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-35369

Url: https://www.mend.io/vulnerability-database/CVE-2024-35369

Severity Score

5.5

Weakness Type (CWE)

Integer Overflow or Wraparound

CWE-190

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-35369

Date: November 28, 2024

Language: C

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?