JLSEC-2025-140

Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2025/JLSEC-2025-140.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-140.json
JSON Data
https://api.test.osv.dev/v1/vulns/JLSEC-2025-140
Published
2025-10-19T19:08:53.760Z
Modified
2025-11-03T00:19:42.817538Z
Summary
FFmpeg n6.1.1 has an integer overflow
Details

FFmpeg n6.1.1 has an integer overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input, so negative duration values are accepted without proper bounds checking.

Database specific
{
    "sources": [
        {
            "imported": "2025-10-18T14:07:17.234Z",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-35366",
            "modified": "2025-06-03T16:03:53.080Z",
            "id": "CVE-2024-35366",
            "published": "2024-11-29T20:15:19.863Z",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35366"
        }
    ],
    "license": "CC-BY-4.0"
}
Affected packages

Julia / FFMPEG_jll

Package

Name
FFMPEG_jll
Purl
pkg:julia/FFMPEG_jll?uuid=b22a6f82-2f65-5046-a5b2-351ab43fb4e5

Affected ranges

Type
SEMVER
Events
Introduced
6.1.1+0
Fixed
6.1.2+0