CVE-2024-7055
MEDIUM severity · CVSS 6.3 · CWE-122
6.3CVSS MEDIUM
Summary
A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges requiredNone
User interactionRequired
Confidentiality impactLow
Integrity impactLow
Availability impactLow
Exploit probability (EPSS)1%
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Additional information
- NVD record
- https://ffmpeg.org/
- https://ffmpeg.org/download.html
- https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc3Advisory
- https://vuldb.com/?ctiid.273651
- https://vuldb.com/?id.273651Advisory
- https://vuldb.com/?submit.376532Advisory
- https://lists.debian.org/debian-lts-announce/2024/10/msg00019.html