VDB
CNVD-2024-29680
CNVD-2024-29680
PUBLISHED
CVSS 4 MEDIUM
FFmpeg是FFmpeg团队的一套可录制、转换以及流化音视频的完整解决方案。 FFmpeg v.n6.1-3-g466799d4f5版本存在缓冲区溢出漏洞,攻击者可利用该漏洞通过libavutil/samplefmt.c:260:9组件中的av_samples_set_silence函数执行任意代码。
Risk Scores
CVSS v3.1
4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ffmpeg | ffmpeg | - |
| n/a | n/a | n/a |
Timeline
- Apr 19, 2024 CVE Published
- Apr 24, 2024 CVE ID Reserved
References
- https://github.com/FFmpeg/FFmpeg/commit/b1942734c7cbcdc9034034373abcc9ecb9644c47 url
- https://trac.ffmpeg.org/ticket/10700 url
- FEDORA-2024-92780a83f9 vendor-advisory
- FEDORA-2024-55e7e839f1 vendor-advisory
- FEDORA-2024-3a548f46a8 vendor-advisory
- FEDORA-2024-92780a83f9 vendor-advisory
- FEDORA-2024-55e7e839f1 vendor-advisory
- FEDORA-2024-3a548f46a8 vendor-advisory