CVE-2024-35366

CRITICAL 9.1

CVSS Score

9.1

EPSS Score

0.0%

EPSS Percentile

0th

FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking.

Vendor	n/a
Product	n/a
Published	Nov 29, 2024
Last Updated	Dec 3, 2024

Stay Ahead of the Next One

Get instant alerts for n/a n/a

Be the first to know when new critical vulnerabilities affecting n/a n/a are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

n/a / n/a

n/a

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/ffmpeg/ffmpeg/commit/0bed22d597b78999151e3bde0768b7fe763fc2a6 github.com: https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/sbgdec.c#L389 gist.github.com: https://gist.github.com/1047524396/1e72f170d58c2547ebd4db4cdf6cfabf