VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-zgw9-f5f8-fygv

Essentials
Severities (26)
References (16)
Severity details (7)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-zgw9-f5f8-fygv
Aliases	CVE-2024-35366
Summary	FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking.
Status	Published
Exploitability	0.5
Weighted Severity	8.2
Risk	4.1
Affected and Fixed Packages	Package Details

Weaknesses (0)

There are no known CWE.

System	Score	Found at
epss	0.00203	https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss	0.00203	https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss	0.00203	https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss	0.00203	https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss	0.00203	https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss	0.00236	https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss	0.00236	https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss	0.00236	https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss	0.00236	https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss	0.00236	https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss	0.00236	https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss	0.00236	https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss	0.00236	https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss	0.00236	https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss	0.00236	https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss	0.00236	https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss	0.00266	https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss	0.00266	https://api.first.org/data/v1/epss?cve=CVE-2024-35366
epss	0.00266	https://api.first.org/data/v1/epss?cve=CVE-2024-35366
cvssv3.1	5.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	9.1	https://gist.github.com/1047524396/1e72f170d58c2547ebd4db4cdf6cfabf
ssvc	Track	https://gist.github.com/1047524396/1e72f170d58c2547ebd4db4cdf6cfabf
cvssv3.1	9.1	https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/sbgdec.c#L389
ssvc	Track	https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/sbgdec.c#L389
cvssv3.1	9.1	https://github.com/ffmpeg/ffmpeg/commit/0bed22d597b78999151e3bde0768b7fe763fc2a6
ssvc	Track	https://github.com/ffmpeg/ffmpeg/commit/0bed22d597b78999151e3bde0768b7fe763fc2a6

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2024-35366
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48434
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50010
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51793
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51794
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51798
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32230
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35366
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36616
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36617
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
0bed22d597b78999151e3bde0768b7fe763fc2a6		https://github.com/ffmpeg/ffmpeg/commit/0bed22d597b78999151e3bde0768b7fe763fc2a6
1e72f170d58c2547ebd4db4cdf6cfabf		https://gist.github.com/1047524396/1e72f170d58c2547ebd4db4cdf6cfabf
cpe:2.3:a:ffmpeg:ffmpeg:6.1.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ffmpeg:ffmpeg:6.1.1:::::::*
CVE-2024-35366		https://nvd.nist.gov/vuln/detail/CVE-2024-35366
sbgdec.c#L389		https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/sbgdec.c#L389

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Found at https://gist.github.com/1047524396/1e72f170d58c2547ebd4db4cdf6cfabf

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-02T16:13:40Z/ Found at https://gist.github.com/1047524396/1e72f170d58c2547ebd4db4cdf6cfabf

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/sbgdec.c#L389

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-02T16:13:40Z/ Found at https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/sbgdec.c#L389

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/ffmpeg/ffmpeg/commit/0bed22d597b78999151e3bde0768b7fe763fc2a6

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-02T16:13:40Z/ Found at https://github.com/ffmpeg/ffmpeg/commit/0bed22d597b78999151e3bde0768b7fe763fc2a6

Exploit Prediction Scoring System (EPSS)

Percentile	0.42799
EPSS Score	0.00203
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T09:01:53.348426+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2024/35xxx/CVE-2024-35366.json	37.0.0