Search for vulnerabilities
Vulnerability details: VCID-yh4p-8yd8-vyek
Vulnerability ID VCID-yh4p-8yd8-vyek
Aliases CVE-2024-35366
Summary FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking.
Status Published
Exploitability 0.5
Weighted Severity 8.2
Risk 4.1
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.0012 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.0012 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.0012 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00166 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss 0.00303 https://api.first.org/data/v1/epss?cve=CVE-2024-35366
cvssv3.1 5.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 9.1 https://gist.github.com/1047524396/1e72f170d58c2547ebd4db4cdf6cfabf
ssvc Track https://gist.github.com/1047524396/1e72f170d58c2547ebd4db4cdf6cfabf
cvssv3.1 9.1 https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/sbgdec.c#L389
ssvc Track https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/sbgdec.c#L389
cvssv3.1 9.1 https://github.com/ffmpeg/ffmpeg/commit/0bed22d597b78999151e3bde0768b7fe763fc2a6
ssvc Track https://github.com/ffmpeg/ffmpeg/commit/0bed22d597b78999151e3bde0768b7fe763fc2a6
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-35366
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48434
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51793
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51794
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32230
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35366
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36616
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36617
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://gist.github.com/1047524396/1e72f170d58c2547ebd4db4cdf6cfabf
https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/sbgdec.c#L389
https://github.com/ffmpeg/ffmpeg/commit/0bed22d597b78999151e3bde0768b7fe763fc2a6
cpe:2.3:a:ffmpeg:ffmpeg:6.1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ffmpeg:ffmpeg:6.1.1:*:*:*:*:*:*:*
CVE-2024-35366 https://nvd.nist.gov/vuln/detail/CVE-2024-35366
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Found at https://gist.github.com/1047524396/1e72f170d58c2547ebd4db4cdf6cfabf
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-02T16:13:40Z/ Found at https://gist.github.com/1047524396/1e72f170d58c2547ebd4db4cdf6cfabf
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/sbgdec.c#L389
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-02T16:13:40Z/ Found at https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/sbgdec.c#L389
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/ffmpeg/ffmpeg/commit/0bed22d597b78999151e3bde0768b7fe763fc2a6
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-02T16:13:40Z/ Found at https://github.com/ffmpeg/ffmpeg/commit/0bed22d597b78999151e3bde0768b7fe763fc2a6
Exploit Prediction Scoring System (EPSS)
Percentile 0.17329
EPSS Score 0.00045
Published At Dec. 3, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-12-03T01:30:55.877601+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-35366 35.0.0