[email protected]CVE-2024-31578

HistoryApr 17, 2024 - 2:15 p.m.

CVE-2024-31578

2024-04-1714:15:08

CWE-416

[email protected]

web.nvd.nist.gov

cve-2024-31578

nvd

av_hwframe_ctx_init

information security

vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

JSON

FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.

References

gist.github.com/1047524396/45400cce5859d78dcd3a62010df8d179

github.com/ffmpeg/ffmpeg/commit/3bb00c0a420c3ce83c6fafee30270d69622ccad7

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

JSON

Related for CVE-2024-31578

cvelist1 ubuntucve1 nvd1 vulnrichment1 osv2 debiancve1 openvas8 nessus6 ubuntu1 fedora3