Search for vulnerabilities
| Vulnerability ID | VCID-1ty8-tgqz-7kej |
| Aliases |
CVE-2024-35369
|
| Summary | In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in undefined behavior or crashes during the decoding process. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 5.0 |
| Risk | 2.5 |
| Affected and Fixed Packages | Package Details |
| There are no known CWE. |
| Reference id | Reference type | URL |
|---|---|---|
| https://api.first.org/data/v1/epss?cve=CVE-2024-35369 | ||
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35369 | ||
| https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml | ||
| 0895ef0d6d6406ee6cd158fc4d47d80f201b8e9c | https://github.com/ffmpeg/ffmpeg/commit/0895ef0d6d6406ee6cd158fc4d47d80f201b8e9c | |
| 455093807666f2e351d674750c8cd0b8 | https://gist.github.com/1047524396/455093807666f2e351d674750c8cd0b8 | |
| cpe:2.3:a:ffmpeg:ffmpeg:6.1.1:*:*:*:*:*:*:* | https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ffmpeg:ffmpeg:6.1.1:*:*:*:*:*:*:* | |
| CVE-2024-35369 | https://nvd.nist.gov/vuln/detail/CVE-2024-35369 | |
| speexdec.c#L1423 | https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavcodec/speexdec.c#L1423 |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Percentile | 0.02841 |
| EPSS Score | 0.00018 |
| Published At | April 27, 2025, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2024-11-29T23:41:51.911637+00:00 | Vulnrichment | Import | https://github.com/cisagov/vulnrichment/blob/develop/2024/35xxx/CVE-2024-35369.json | 35.0.0 |