DEBIAN-CVE-2024-35369

DEBIAN-CVE-2024-35369 PUBLISHED CVSS 5.5 MEDIUM

In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in undefined behavior or crashes during the decoding process.

Risk Scores

CVSS v3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:12	ffmpeg	7.0.1-4, ,
Debian:13	ffmpeg	0, 0
Debian:14	ffmpeg	0, 0

Timeline

Nov 29, 2024 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2024-35369 advisory

Open in Interactive Console →