CVE-2024-35367

CRITICAL EPSS 47.3%
Published Nov 29, 2024 (1y ago) · Modified Jun 17, 2026 (1w ago)
9.1 CVSS 3.1
Critical

Description

FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer

CVSS Details

Base Score: 9.1
Exploitability: 3.9
Impact: 5.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 47.3% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Weaknesses 1

CWE-125: Out-of-bounds Read (Memory Safety)

Affected Products 1

Vendor   Product   Version   Range
ffmpeg   ffmpeg    6.1.1     any

References 4

  • gist.github.com https://gist.github.com/1047524396/9754a44845578358f6a403447c458ca4
    Third Party Advisory
  • github.com https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavcodec/ppc/vp8dsp_altivec.c#L53
    Product
  • github.com https://github.com/ffmpeg/ffmpeg/commit/09e6840cf7a3ee07a73c3ae88a020bf27ca1a667
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/02/msg00000.html

Remediation

  • github.com https://github.com/ffmpeg/ffmpeg/commit/09e6840cf7a3ee07a73c3ae88a020bf27ca1a667
    Patch