UBUNTU-CVE-2024-35366

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-35366

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-35366.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2024-35366

Upstream

CVE-2024-35366

Published

2024-11-29T20:15:00Z

Modified

2025-07-16T07:58:29.153290Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking.

References

Affected packages

Ubuntu:Pro:14.04:LTS / libav

Package

Name: libav
Purl: pkg:deb/ubuntu/libav@6:9.20-0ubuntu0.14.04.1+esm1?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6:0.*

6:0.8.7-1ubuntu2

6:9.*

6:9.10-1ubuntu1

6:9.10-1ubuntu2

6:9.10-1ubuntu5

6:9.10-1ubuntu6

6:9.10-1ubuntu7

6:9.11-2ubuntu1

6:9.11-2ubuntu2

6:9.13-0ubuntu0.14.04.1

6:9.14-0ubuntu0.14.04.1

6:9.16-0ubuntu0.14.04.1

6:9.18-0ubuntu0.14.04.1

6:9.20-0ubuntu0.14.04.1

6:9.20-0ubuntu0.14.04.1+esm1

Ubuntu:Pro:16.04:LTS / ffmpeg

Package

Name: ffmpeg
Purl: pkg:deb/ubuntu/ffmpeg@7:2.8.17-0ubuntu0.1+esm10?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7:2.*

7:2.7.2-1build1

7:2.8.1-1ubuntu1

7:2.8.2-1ubuntu1

7:2.8.3-1

7:2.8.4-1

7:2.8.4-1ubuntu1

7:2.8.4-1ubuntu2

7:2.8.4-1ubuntu3

7:2.8.4-1ubuntu4

7:2.8.6-1ubuntu1

7:2.8.6-1ubuntu2

7:2.8.8-0ubuntu0.16.04.1

7:2.8.10-0ubuntu0.16.04.1

7:2.8.11-0ubuntu0.16.04.1

7:2.8.14-0ubuntu0.16.04.1

7:2.8.15-0ubuntu0.16.04.1

7:2.8.15-0ubuntu0.16.04.1+esm1

7:2.8.17-0ubuntu0.1

7:2.8.17-0ubuntu0.1+esm1

7:2.8.17-0ubuntu0.1+esm2

7:2.8.17-0ubuntu0.1+esm3

7:2.8.17-0ubuntu0.1+esm4

7:2.8.17-0ubuntu0.1+esm5

7:2.8.17-0ubuntu0.1+esm6

7:2.8.17-0ubuntu0.1+esm7

7:2.8.17-0ubuntu0.1+esm8

7:2.8.17-0ubuntu0.1+esm9

7:2.8.17-0ubuntu0.1+esm10

Ubuntu:Pro:18.04:LTS / ffmpeg

Package

Name: ffmpeg
Purl: pkg:deb/ubuntu/ffmpeg@7:3.4.11-0ubuntu0.1+esm8?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7:3.*

7:3.3.4-2

7:3.3.4-2build3

7:3.4-2ubuntu2

7:3.4-4

7:3.4-4build1

7:3.4.1-1

7:3.4.1-1build1

7:3.4.2-1

7:3.4.2-1build1

7:3.4.2-2

7:3.4.4-0ubuntu0.18.04.1

7:3.4.6-0ubuntu0.18.04.1

7:3.4.8-0ubuntu0.2

7:3.4.11-0ubuntu0.1

7:3.4.11-0ubuntu0.1+esm1

7:3.4.11-0ubuntu0.1+esm2

7:3.4.11-0ubuntu0.1+esm3

7:3.4.11-0ubuntu0.1+esm4

7:3.4.11-0ubuntu0.1+esm5

7:3.4.11-0ubuntu0.1+esm6

7:3.4.11-0ubuntu0.1+esm7

7:3.4.11-0ubuntu0.1+esm8

Ubuntu:Pro:20.04:LTS / ffmpeg

Package

Name: ffmpeg
Purl: pkg:deb/ubuntu/ffmpeg@7:4.2.7-0ubuntu0.1+esm8?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7:4.*

7:4.1.4-1build2

7:4.2.1-2

7:4.2.1-2ubuntu1

7:4.2.2-1build1

7:4.2.2-1ubuntu1

7:4.2.4-1ubuntu0.1

7:4.2.4-1ubuntu0.1+esm1

7:4.2.7-0ubuntu0.1

7:4.2.7-0ubuntu0.1+esm1

7:4.2.7-0ubuntu0.1+esm2

7:4.2.7-0ubuntu0.1+esm3

7:4.2.7-0ubuntu0.1+esm4

7:4.2.7-0ubuntu0.1+esm5

7:4.2.7-0ubuntu0.1+esm6

7:4.2.7-0ubuntu0.1+esm7

7:4.2.7-0ubuntu0.1+esm8

Ubuntu:22.04:LTS / ffmpeg

Package

Name: ffmpeg
Purl: pkg:deb/ubuntu/ffmpeg@7:4.4.2-0ubuntu0.22.04.1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7:4.*

7:4.4-6ubuntu5

7:4.4.1-2ubuntu1

7:4.4.1-3ubuntu1

7:4.4.1-3ubuntu2

7:4.4.1-3ubuntu3

7:4.4.1-3ubuntu5

7:4.4.2-0ubuntu0.22.04.1

Ubuntu:24.04:LTS / ffmpeg

Package

Name: ffmpeg
Purl: pkg:deb/ubuntu/ffmpeg@7:6.1.1-3ubuntu5?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7:6.*

7:6.0-6ubuntu1

7:6.0-9ubuntu1

7:6.1-2ubuntu1

7:6.1-3ubuntu1

7:6.1-4ubuntu1

7:6.1-5ubuntu1

7:6.1.1-1ubuntu1

7:6.1.1-3ubuntu1

7:6.1.1-3ubuntu5