CVE-2024-7055

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-7055

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-7055.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-7055

Related

Published

2024-08-06T06:15:36Z

Modified

2024-09-11T05:04:42.400468Z

Summary

[none]

Details

A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnmdecodeframe in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.

References

Affected packages

Debian:11 / ffmpeg

Package

Name: ffmpeg
Purl: pkg:deb/debian/ffmpeg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7:4.*

7:4.3.2-0+deb11u2

7:4.3.2-1

7:4.3.2-2

7:4.3.3-0+deb11u1

7:4.3.4-0+deb11u1

7:4.3.5-0+deb11u1

7:4.3.6-0+deb11u1

7:4.3.7-0+deb11u1

7:4.4-1

7:4.4-2

7:4.4-3

7:4.4-4

7:4.4-5

7:4.4-6

7:4.4.1-1

7:4.4.1-2

7:4.4.1-2+ports

7:4.4.1-3

7:4.4.2-1

7:5.*

7:5.0-1

7:5.0-2

7:5.0-3

7:5.0.1-1

7:5.0.1-2

7:5.0.1-3

7:5.1-1

7:5.1-2

7:5.1-2.1

7:5.1-3

7:5.1.1-1

7:5.1.1-2

7:5.1.1-2+m68k

7:5.1.2-1

7:5.1.2-2

7:5.1.2-3

7:5.1.3-1

7:5.1.3-2

7:6.*

7:6.0-1

7:6.0-2

7:6.0-3

7:6.0-4

7:6.0-5

7:6.0-6

7:6.0-7

7:6.0-8

7:6.0-9

7:6.1-1

7:6.1-2

7:6.1-3

7:6.1-4

7:6.1-5

7:6.1.1-1

7:6.1.1-2

7:6.1.1-3

7:6.1.1-4

7:6.1.1-5

7:7.*

7:7.0-1

7:7.0.1-1

7:7.0.1-2

7:7.0.1-3

7:7.0.1-4

7:7.0.1-5

7:7.0.2-1

7:7.0.2-2

7:7.0.2-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ffmpeg

Package

Name: ffmpeg
Purl: pkg:deb/debian/ffmpeg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7:5.1.6-0+deb12u1

Affected versions

7:5.*

7:5.1.3-1

7:5.1.3-2

7:5.1.4-0+deb12u1

7:5.1.5-0+deb12u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ffmpeg

Package

Name: ffmpeg
Purl: pkg:deb/debian/ffmpeg?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7:7.0.2-1

Affected versions

7:5.*

7:5.1.3-1

7:5.1.3-2

7:6.*

7:6.0-1

7:6.0-2

7:6.0-3

7:6.0-4

7:6.0-5

7:6.0-6

7:6.0-7

7:6.0-8

7:6.0-9

7:6.1-1

7:6.1-2

7:6.1-3

7:6.1-4

7:6.1-5

7:6.1.1-1

7:6.1.1-2

7:6.1.1-3

7:6.1.1-4

7:6.1.1-5

7:7.*

7:7.0-1

7:7.0.1-1

7:7.0.1-2

7:7.0.1-3

7:7.0.1-4

7:7.0.1-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}