CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-35366

FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 42.8%

CVSS Severity

CVSS v3 Score 9.1

References

https://gist.github.com/1047524396/1e72f170d58c2547ebd4db4cdf6cfabf
https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/sbgdec.c#L389
https://github.com/ffmpeg/ffmpeg/commit/0bed22d597b78999151e3bde0768b7fe763fc2a6

Products affected by CVE-2024-35366

Ffmpeg » Ffmpeg » Version: 6.1.1

cpe:2.3:a:ffmpeg:ffmpeg:6.1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-35366

Products

Pricing

Contact Us