Search for vulnerabilities
Vulnerability details: VCID-etvd-ankr-mkcp
Vulnerability ID VCID-etvd-ankr-mkcp
Aliases CVE-2024-7055
Summary A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.
Status Published
Exploitability 0.5
Weighted Severity 7.9
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-122 Heap-based Buffer Overflow
CWE-787 Out-of-bounds Write
System Score Found at
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2024-7055
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2024-7055
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2024-7055
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2024-7055
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2024-7055
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2024-7055
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2024-7055
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2024-7055
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2024-7055
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2024-7055
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2024-7055
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2024-7055
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2024-7055
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2024-7055
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2024-7055
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2024-7055
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2024-7055
cvssv2 7.5 https://ffmpeg.org/
cvssv3 6.3 https://ffmpeg.org/
cvssv3.1 6.3 https://ffmpeg.org/
cvssv4 6.9 https://ffmpeg.org/
ssvc Track https://ffmpeg.org/
cvssv2 7.5 https://ffmpeg.org/download.html
cvssv3 6.3 https://ffmpeg.org/download.html
cvssv3.1 6.3 https://ffmpeg.org/download.html
cvssv4 6.9 https://ffmpeg.org/download.html
ssvc Track https://ffmpeg.org/download.html
cvssv3.1 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 7.5 https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc3
cvssv3 6.3 https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc3
cvssv3.1 6.3 https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc3
cvssv4 6.9 https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc3
ssvc Track https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc3
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2024-7055
cvssv2 7.5 https://vuldb.com/?ctiid.273651
cvssv3 6.3 https://vuldb.com/?ctiid.273651
cvssv3.1 6.3 https://vuldb.com/?ctiid.273651
cvssv4 6.9 https://vuldb.com/?ctiid.273651
ssvc Track https://vuldb.com/?ctiid.273651
cvssv2 7.5 https://vuldb.com/?id.273651
cvssv3 6.3 https://vuldb.com/?id.273651
cvssv3.1 6.3 https://vuldb.com/?id.273651
cvssv4 6.9 https://vuldb.com/?id.273651
ssvc Track https://vuldb.com/?id.273651
cvssv2 7.5 https://vuldb.com/?submit.376532
cvssv3 6.3 https://vuldb.com/?submit.376532
cvssv3.1 6.3 https://vuldb.com/?submit.376532
cvssv4 6.9 https://vuldb.com/?submit.376532
ssvc Track https://vuldb.com/?submit.376532
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-7055
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7055
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
?ctiid.273651 https://vuldb.com/?ctiid.273651
CVE-2024-7055 https://nvd.nist.gov/vuln/detail/CVE-2024-7055
download.html https://ffmpeg.org/download.html
ffmpeg.org https://ffmpeg.org/
?id.273651 https://vuldb.com/?id.273651
poc3 https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc3
?submit.376532 https://vuldb.com/?submit.376532
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://ffmpeg.org/
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://ffmpeg.org/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://ffmpeg.org/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N Found at https://ffmpeg.org/
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:41:29Z/ Found at https://ffmpeg.org/
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://ffmpeg.org/download.html
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://ffmpeg.org/download.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://ffmpeg.org/download.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N Found at https://ffmpeg.org/download.html
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:41:29Z/ Found at https://ffmpeg.org/download.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc3
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc3
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc3
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N Found at https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc3
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:41:29Z/ Found at https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-7055
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://vuldb.com/?ctiid.273651
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://vuldb.com/?ctiid.273651
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://vuldb.com/?ctiid.273651
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N Found at https://vuldb.com/?ctiid.273651
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:41:29Z/ Found at https://vuldb.com/?ctiid.273651
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://vuldb.com/?id.273651
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://vuldb.com/?id.273651
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://vuldb.com/?id.273651
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N Found at https://vuldb.com/?id.273651
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:41:29Z/ Found at https://vuldb.com/?id.273651
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://vuldb.com/?submit.376532
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://vuldb.com/?submit.376532
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://vuldb.com/?submit.376532
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N Found at https://vuldb.com/?submit.376532
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:41:29Z/ Found at https://vuldb.com/?submit.376532
Exploit Prediction Scoring System (EPSS)
Percentile 0.43437
EPSS Score 0.00208
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T09:02:47.137186+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2024/7xxx/CVE-2024-7055.json 37.0.0