CVE-2024-35366

{"id": "CVE-2024-35366", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2024-11-29T20:15:19.863", "references": [{"url": "https://gist.github.com/1047524396/1e72f170d58c2547ebd4db4cdf6cfabf", "source": "cve@mitre.org"}, {"url": "https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/sbgdec.c#L389", "source": "cve@mitre.org"}, {"url": "https://github.com/ffmpeg/ffmpeg/commit/0bed22d597b78999151e3bde0768b7fe763fc2a6", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking."}, {"lang": "es", "value": "FFmpeg n6.1.1 es un desbordamiento de enteros. La vulnerabilidad existe en la funci\u00f3n parse_options de sbgdec.c dentro del m\u00f3dulo libavformat. Al analizar ciertas opciones, el software no valida adecuadamente la entrada. Esto permite que se acepten valores de duraci\u00f3n negativos sin una verificaci\u00f3n de los l\u00edmites adecuada."}], "lastModified": "2024-12-03T14:15:20.107", "sourceIdentifier": "cve@mitre.org"}