Search for vulnerabilities
| Vulnerability ID | VCID-npah-3sx6-aaar |
| Aliases |
CVE-2024-7055
|
| Summary | A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 7.9 |
| Risk | 4.0 |
| Affected and Fixed Packages | Package Details |
| CWE-122 | Heap-based Buffer Overflow |
| CWE-787 | Out-of-bounds Write |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Percentile | 0.11214 |
| EPSS Score | 0.00044 |
| Published At | Nov. 1, 2024, midnight |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2024-08-06T10:58:09.129987+00:00 | NVD Importer | Import | https://nvd.nist.gov/vuln/detail/CVE-2024-7055 | 34.0.0rc4 |