exploitDog

CVE-2024-7055

Опубликовано: 06 авг. 2024

Источник: nvd

CVSS3: 6.3

CVSS3: 8.8

CVSS2: 7.5

EPSS Низкий

Описание

A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.

Ссылки

https://ffmpeg.org/
Product
https://ffmpeg.org/download.html
Product
https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc3
Third Party Advisory
https://vuldb.com/?ctiid.273651
Permissions Required
VDB Entry
https://vuldb.com/?id.273651
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.376532
Third Party Advisory
VDB Entry
https://lists.debian.org/debian-lts-announce/2024/10/msg00019.html

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*

Версия до 4.3.8 (исключая)

cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*

Версия от 4.4 (включая) до 4.4.5 (исключая)

cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*

Версия от 5.0 (включая) до 5.1.6 (исключая)

cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*

Версия от 6.0 (включая) до 6.1.2 (исключая)

cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*

Версия от 7.0 (включая) до 7.0.2 (исключая)

EPSS

Процентиль: 33%

0.00133

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

7.5 High

CVSS2

Дефекты

CWE-122

CWE-787

Связанные уязвимости

CVE-2024-7055

CVSS3: 6.3

ubuntu

больше 1 года назад

A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.

CVE-2024-7055

CVSS3: 6.3

debian

больше 1 года назад

A vulnerability was found in FFmpeg up to 7.0.1. It has been classifie ...

SUSE-SU-2024:3301-1

suse-cvrf

больше 1 года назад

Security update for ffmpeg-4

GHSA-5gxm-744m-qfgp

CVSS3: 6.3

github

больше 1 года назад

A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.

BDU:2024-09901

CVSS3: 4.2

fstec

больше 1 года назад

Уязвимость функции pnm_decode_frame() (/libavcodec/pnmdec.c) мультимедийной библиотеки FFmpeg, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 33%

0.00133

Низкий

6.3 Medium

CVSS3

8.8 High

CVSS3

7.5 High

CVSS2

Дефекты

CWE-122

CWE-787