UBUNTU-CVE-2024-35366
- Source
- https://ubuntu.com/security/CVE-2024-35366
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-35366.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2024-35366
- Upstream
- Downstream
- Related
- Published
- 2024-11-29T20:15:00Z
- Modified
- 2026-04-22T17:53:21.836790Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking.
- References
-
- https://ubuntu.com/security/CVE-2024-35366
- https://www.cve.org/CVERecord?id=CVE-2024-35366
- https://github.com/ffmpeg/ffmpeg/commit/0bed22d597b78999151e3bde0768b7fe763fc2a6
- https://gist.github.com/1047524396/1e72f170d58c2547ebd4db4cdf6cfabf
- https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/sbgdec.c#L389
- https://github.com/FFmpeg/FFmpeg/commit/2c82ab946b8722a3501069e346809288db69e858
- https://ubuntu.com/security/notices/USN-7823-1
Affected packages
Ubuntu:Pro:14.04:LTS
libav
Package
- Name
- libav
- Purl
- pkg:deb/ubuntu/libav@6:9.20-0ubuntu0.14.04.1+esm1?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
6:0.*
6:0.8.7-1ubuntu2
6:9.*
6:9.10-1ubuntu1
6:9.10-1ubuntu2
6:9.10-1ubuntu5
6:9.10-1ubuntu6
6:9.10-1ubuntu7
6:9.11-2ubuntu1
6:9.11-2ubuntu2
6:9.13-0ubuntu0.14.04.1
6:9.14-0ubuntu0.14.04.1
6:9.16-0ubuntu0.14.04.1
6:9.18-0ubuntu0.14.04.1
6:9.20-0ubuntu0.14.04.1
6:9.20-0ubuntu0.14.04.1+esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libav-tools"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavcodec-extra"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavcodec-extra-54"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavcodec54"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavdevice-extra-53"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavdevice53"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavfilter-extra-3"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavfilter3"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavformat-extra-54"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavformat54"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavresample1"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavutil-extra-52"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libavutil52"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libswscale-extra-2"
},
{
"binary_version": "6:9.20-0ubuntu0.14.04.1+esm1",
"binary_name": "libswscale2"
}
]
}Ubuntu:Pro:16.04:LTS
ffmpeg
Package
- Name
- ffmpeg
- Purl
- pkg:deb/ubuntu/ffmpeg@7:2.8.17-0ubuntu0.1+esm12?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7:2.8.17-0ubuntu0.1+esm12
Affected versions
7:2.*
7:2.7.2-1build1
7:2.8.1-1ubuntu1
7:2.8.2-1ubuntu1
7:2.8.3-1
7:2.8.4-1
7:2.8.4-1ubuntu1
7:2.8.4-1ubuntu2
7:2.8.4-1ubuntu3
7:2.8.4-1ubuntu4
7:2.8.6-1ubuntu1
7:2.8.6-1ubuntu2
7:2.8.8-0ubuntu0.16.04.1
7:2.8.10-0ubuntu0.16.04.1
7:2.8.11-0ubuntu0.16.04.1
7:2.8.14-0ubuntu0.16.04.1
7:2.8.15-0ubuntu0.16.04.1
7:2.8.15-0ubuntu0.16.04.1+esm1
7:2.8.17-0ubuntu0.1
7:2.8.17-0ubuntu0.1+esm1
7:2.8.17-0ubuntu0.1+esm2
7:2.8.17-0ubuntu0.1+esm3
7:2.8.17-0ubuntu0.1+esm4
7:2.8.17-0ubuntu0.1+esm5
7:2.8.17-0ubuntu0.1+esm6
7:2.8.17-0ubuntu0.1+esm7
7:2.8.17-0ubuntu0.1+esm8
7:2.8.17-0ubuntu0.1+esm9
7:2.8.17-0ubuntu0.1+esm10
7:2.8.17-0ubuntu0.1+esm11
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "7:2.8.17-0ubuntu0.1+esm12",
"binary_name": "ffmpeg"
},
{
"binary_version": "7:2.8.17-0ubuntu0.1+esm12",
"binary_name": "libav-tools"
},
{
"binary_version": "7:2.8.17-0ubuntu0.1+esm12",
"binary_name": "libavcodec-extra"
},
{
"binary_version": "7:2.8.17-0ubuntu0.1+esm12",
"binary_name": "libavcodec-ffmpeg-extra56"
},
{
"binary_version": "7:2.8.17-0ubuntu0.1+esm12",
"binary_name": "libavcodec-ffmpeg56"
},
{
"binary_version": "7:2.8.17-0ubuntu0.1+esm12",
"binary_name": "libavdevice-ffmpeg56"
},
{
"binary_version": "7:2.8.17-0ubuntu0.1+esm12",
"binary_name": "libavfilter-ffmpeg5"
},
{
"binary_version": "7:2.8.17-0ubuntu0.1+esm12",
"binary_name": "libavformat-ffmpeg56"
},
{
"binary_version": "7:2.8.17-0ubuntu0.1+esm12",
"binary_name": "libavresample-ffmpeg2"
},
{
"binary_version": "7:2.8.17-0ubuntu0.1+esm12",
"binary_name": "libavutil-ffmpeg54"
},
{
"binary_version": "7:2.8.17-0ubuntu0.1+esm12",
"binary_name": "libpostproc-ffmpeg53"
},
{
"binary_version": "7:2.8.17-0ubuntu0.1+esm12",
"binary_name": "libswresample-ffmpeg1"
},
{
"binary_version": "7:2.8.17-0ubuntu0.1+esm12",
"binary_name": "libswscale-ffmpeg3"
}
]
}Ubuntu:Pro:18.04:LTS
ffmpeg
Package
- Name
- ffmpeg
- Purl
- pkg:deb/ubuntu/ffmpeg@7:3.4.11-0ubuntu0.1+esm10?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7:3.4.11-0ubuntu0.1+esm10
Affected versions
7:3.*
7:3.3.4-2
7:3.3.4-2build3
7:3.4-2ubuntu2
7:3.4-4
7:3.4-4build1
7:3.4.1-1
7:3.4.1-1build1
7:3.4.2-1
7:3.4.2-1build1
7:3.4.2-2
7:3.4.4-0ubuntu0.18.04.1
7:3.4.6-0ubuntu0.18.04.1
7:3.4.8-0ubuntu0.2
7:3.4.11-0ubuntu0.1
7:3.4.11-0ubuntu0.1+esm1
7:3.4.11-0ubuntu0.1+esm2
7:3.4.11-0ubuntu0.1+esm3
7:3.4.11-0ubuntu0.1+esm4
7:3.4.11-0ubuntu0.1+esm5
7:3.4.11-0ubuntu0.1+esm6
7:3.4.11-0ubuntu0.1+esm7
7:3.4.11-0ubuntu0.1+esm8
7:3.4.11-0ubuntu0.1+esm9
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "7:3.4.11-0ubuntu0.1+esm10",
"binary_name": "ffmpeg"
},
{
"binary_version": "7:3.4.11-0ubuntu0.1+esm10",
"binary_name": "libavcodec-extra"
},
{
"binary_version": "7:3.4.11-0ubuntu0.1+esm10",
"binary_name": "libavcodec-extra57"
},
{
"binary_version": "7:3.4.11-0ubuntu0.1+esm10",
"binary_name": "libavcodec57"
},
{
"binary_version": "7:3.4.11-0ubuntu0.1+esm10",
"binary_name": "libavdevice57"
},
{
"binary_version": "7:3.4.11-0ubuntu0.1+esm10",
"binary_name": "libavfilter-extra"
},
{
"binary_version": "7:3.4.11-0ubuntu0.1+esm10",
"binary_name": "libavfilter-extra6"
},
{
"binary_version": "7:3.4.11-0ubuntu0.1+esm10",
"binary_name": "libavfilter6"
},
{
"binary_version": "7:3.4.11-0ubuntu0.1+esm10",
"binary_name": "libavformat57"
},
{
"binary_version": "7:3.4.11-0ubuntu0.1+esm10",
"binary_name": "libavresample3"
},
{
"binary_version": "7:3.4.11-0ubuntu0.1+esm10",
"binary_name": "libavutil55"
},
{
"binary_version": "7:3.4.11-0ubuntu0.1+esm10",
"binary_name": "libpostproc54"
},
{
"binary_version": "7:3.4.11-0ubuntu0.1+esm10",
"binary_name": "libswresample2"
},
{
"binary_version": "7:3.4.11-0ubuntu0.1+esm10",
"binary_name": "libswscale4"
}
]
}Ubuntu:Pro:20.04:LTS
ffmpeg
Package
- Name
- ffmpeg
- Purl
- pkg:deb/ubuntu/ffmpeg@7:4.2.7-0ubuntu0.1+esm10?arch=source&distro=esm-apps/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7:4.2.7-0ubuntu0.1+esm10
Affected versions
7:4.*
7:4.1.4-1build2
7:4.2.1-2
7:4.2.1-2ubuntu1
7:4.2.2-1build1
7:4.2.2-1ubuntu1
7:4.2.4-1ubuntu0.1
7:4.2.4-1ubuntu0.1+esm1
7:4.2.7-0ubuntu0.1
7:4.2.7-0ubuntu0.1+esm1
7:4.2.7-0ubuntu0.1+esm2
7:4.2.7-0ubuntu0.1+esm3
7:4.2.7-0ubuntu0.1+esm4
7:4.2.7-0ubuntu0.1+esm5
7:4.2.7-0ubuntu0.1+esm6
7:4.2.7-0ubuntu0.1+esm7
7:4.2.7-0ubuntu0.1+esm8
7:4.2.7-0ubuntu0.1+esm9
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm10",
"binary_name": "ffmpeg"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm10",
"binary_name": "libavcodec-extra"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm10",
"binary_name": "libavcodec-extra58"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm10",
"binary_name": "libavcodec58"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm10",
"binary_name": "libavdevice58"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm10",
"binary_name": "libavfilter-extra"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm10",
"binary_name": "libavfilter-extra7"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm10",
"binary_name": "libavfilter7"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm10",
"binary_name": "libavformat58"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm10",
"binary_name": "libavresample4"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm10",
"binary_name": "libavutil56"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm10",
"binary_name": "libpostproc55"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm10",
"binary_name": "libswresample3"
},
{
"binary_version": "7:4.2.7-0ubuntu0.1+esm10",
"binary_name": "libswscale5"
}
]
}Ubuntu:Pro:22.04:LTS
ffmpeg
Package
- Name
- ffmpeg
- Purl
- pkg:deb/ubuntu/ffmpeg@7:4.4.2-0ubuntu0.22.04.1+esm9?arch=source&distro=esm-apps/jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7:4.4.2-0ubuntu0.22.04.1+esm9
Affected versions
7:4.*
7:4.4-6ubuntu5
7:4.4.1-2ubuntu1
7:4.4.1-3ubuntu1
7:4.4.1-3ubuntu2
7:4.4.1-3ubuntu3
7:4.4.1-3ubuntu5
7:4.4.2-0ubuntu0.22.04.1
7:4.4.2-0ubuntu0.22.04.1+esm1
7:4.4.2-0ubuntu0.22.04.1+esm2
7:4.4.2-0ubuntu0.22.04.1+esm3
7:4.4.2-0ubuntu0.22.04.1+esm4
7:4.4.2-0ubuntu0.22.04.1+esm5
7:4.4.2-0ubuntu0.22.04.1+esm6
7:4.4.2-0ubuntu0.22.04.1+esm7
7:4.4.2-0ubuntu0.22.04.1+esm8
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm9",
"binary_name": "ffmpeg"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm9",
"binary_name": "libavcodec-extra"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm9",
"binary_name": "libavcodec-extra58"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm9",
"binary_name": "libavcodec58"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm9",
"binary_name": "libavdevice58"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm9",
"binary_name": "libavfilter-extra"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm9",
"binary_name": "libavfilter-extra7"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm9",
"binary_name": "libavfilter7"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm9",
"binary_name": "libavformat-extra"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm9",
"binary_name": "libavformat-extra58"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm9",
"binary_name": "libavformat58"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm9",
"binary_name": "libavutil56"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm9",
"binary_name": "libpostproc55"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm9",
"binary_name": "libswresample3"
},
{
"binary_version": "7:4.4.2-0ubuntu0.22.04.1+esm9",
"binary_name": "libswscale5"
}
]
}Ubuntu:Pro:24.04:LTS
ffmpeg
Package
- Name
- ffmpeg
- Purl
- pkg:deb/ubuntu/ffmpeg@7:6.1.1-3ubuntu5+esm5?arch=source&distro=esm-apps/noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7:6.1.1-3ubuntu5+esm5
Affected versions
7:6.*
7:6.0-6ubuntu1
7:6.0-9ubuntu1
7:6.1-2ubuntu1
7:6.1-3ubuntu1
7:6.1-4ubuntu1
7:6.1-5ubuntu1
7:6.1.1-1ubuntu1
7:6.1.1-3ubuntu1
7:6.1.1-3ubuntu5
7:6.1.1-3ubuntu5+esm1
7:6.1.1-3ubuntu5+esm2
7:6.1.1-3ubuntu5+esm3
7:6.1.1-3ubuntu5+esm4
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "7:6.1.1-3ubuntu5+esm5",
"binary_name": "ffmpeg"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm5",
"binary_name": "libavcodec-extra"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm5",
"binary_name": "libavcodec-extra60"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm5",
"binary_name": "libavcodec60"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm5",
"binary_name": "libavdevice60"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm5",
"binary_name": "libavfilter-extra"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm5",
"binary_name": "libavfilter-extra9"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm5",
"binary_name": "libavfilter9"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm5",
"binary_name": "libavformat-extra"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm5",
"binary_name": "libavformat-extra60"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm5",
"binary_name": "libavformat60"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm5",
"binary_name": "libavutil58"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm5",
"binary_name": "libpostproc57"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm5",
"binary_name": "libswresample4"
},
{
"binary_version": "7:6.1.1-3ubuntu5+esm5",
"binary_name": "libswscale7"
}
]
}