Search for vulnerabilities
Vulnerability ID | VCID-6r1f-cgtt-dqdp |
Aliases |
CVE-2024-35368
|
Summary | FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c. |
Status | Published |
Exploitability | 0.5 |
Weighted Severity | 8.8 |
Risk | 4.4 |
Affected and Fixed Packages | Package Details |
There are no known CWE. |
Reference id | Reference type | URL |
---|---|---|
https://api.first.org/data/v1/epss?cve=CVE-2024-35368 | ||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35368 | ||
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml | ||
4513300989502090c4fd6560544dce399a8cd53c | https://github.com/ffmpeg/ffmpeg/commit/4513300989502090c4fd6560544dce399a8cd53c | |
7e6e47220ae2b2d2fb4611f0d8a31ec5 | https://gist.github.com/1047524396/7e6e47220ae2b2d2fb4611f0d8a31ec5 | |
cpe:2.3:a:ffmpeg:ffmpeg:7.0:*:*:*:*:*:*:* | https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ffmpeg:ffmpeg:7.0:*:*:*:*:*:*:* | |
CVE-2024-35368 | https://nvd.nist.gov/vuln/detail/CVE-2024-35368 | |
rkmppdec.c#L466 | https://github.com/FFmpeg/FFmpeg/blob/n7.0/libavcodec/rkmppdec.c#L466 |
Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
Percentile | 0.40888 |
EPSS Score | 0.00187 |
Published At | July 30, 2025, 12:55 p.m. |
Date | Actor | Action | Source | VulnerableCode Version |
---|---|---|---|---|
2025-07-31T09:01:33.346532+00:00 | Vulnrichment | Import | https://github.com/cisagov/vulnrichment/blob/develop/2024/35xxx/CVE-2024-35368.json | 37.0.0 |