CVE-2024-7055 — Heap-based Buffer Overflow in Ffmpeg

CWE-122 — Heap-based Buffer Overflow CWE-787 — Out-of-bounds Write6 documents5 sources

Severity

6.9MEDIUMNVD

OSV8.8

EPSS

0.1%

top 68.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ffmpeg Debian Ffmpeg

Timeline

PublishedAug 6

Latest updateOct 15

Description

A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-27365…

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages5 packages

▶NVDffmpeg/ffmpeg4.4 — 4.4.5+4

▶debiandebian/ffmpeg< ffmpeg 7:5.1.6-0+deb12u1 (bookworm)

▶Debianffmpeg/ffmpeg< 7:4.3.8-0+deb11u1+3

▶Ubuntuffmpeg/ffmpeg< 7:2.8.17-0ubuntu0.1+esm12+4

▶CVEListV5ffmpeg/ffmpeg7.0.0, 7.0.1+1

🔴Vulnerability Details

OSV

ffmpeg vulnerabilities↗2025-10-15

▶

OSV

CVE-2024-7055: A vulnerability was found in FFmpeg up to 7↗2024-08-06

▶

GHSA

GHSA-5gxm-744m-qfgp: A vulnerability was found in FFmpeg up to 7↗2024-08-06

▶

📋Vendor Advisories

Ubuntu

FFmpeg vulnerabilities↗2025-10-15

▶

Debian

CVE-2024-7055: ffmpeg - A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as criti...↗2024

▶