CVE-2024-31581 — Improper Validation of Array Index in Ffmpeg

CWE-129 — Improper Validation of Array Index5 documents5 sources

Severity

9.8CRITICALNVD

EPSS

0.2%

top 55.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Fedoraproject Fedora

Timeline

PublishedApr 17

Description

FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers to cause undefined behavior within the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶Debianffmpeg/ffmpeg< 7:7.0.1-3+1

▶NVDffmpeg/ffmpeg6.1

Also affects: Fedora 38, 39, 40

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-w4m9-fjxw-9x39: FFmpeg version n6↗2024-04-17

▶

CVEList

CVE-2024-31581: FFmpeg version n6↗2024-04-17

▶

OSV

CVE-2024-31581: FFmpeg version n6↗2024-04-17

▶

📋Vendor Advisories

Debian

CVE-2024-31581: ffmpeg - FFmpeg version n6.1 was discovered to contain an improper validation of array in...↗2024

▶