UBUNTU-CVE-2024-7055

Source
https://ubuntu.com/security/CVE-2024-7055
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-7055.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2024-7055
Related
Published
2024-08-06T06:15:00Z
Modified
2024-12-18T16:38:13Z
Summary
[none]
Details

A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnmdecodeframe in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.

References

Affected packages

Ubuntu:Pro:14.04:LTS / libav

Package

Name
libav
Purl
pkg:deb/ubuntu/libav?arch=src?distro=esm-infra-legacy/trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

6:0.*

6:0.8.7-1ubuntu2

6:9.*

6:9.10-1ubuntu1
6:9.10-1ubuntu2
6:9.10-1ubuntu5
6:9.10-1ubuntu6
6:9.10-1ubuntu7
6:9.11-2ubuntu1
6:9.11-2ubuntu2
6:9.13-0ubuntu0.14.04.1
6:9.14-0ubuntu0.14.04.1
6:9.16-0ubuntu0.14.04.1
6:9.18-0ubuntu0.14.04.1
6:9.20-0ubuntu0.14.04.1
6:9.20-0ubuntu0.14.04.1+esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / ffmpeg

Package

Name
ffmpeg
Purl
pkg:deb/ubuntu/ffmpeg?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

7:4.*

7:4.4-6ubuntu5
7:4.4.1-2ubuntu1
7:4.4.1-3ubuntu1
7:4.4.1-3ubuntu2
7:4.4.1-3ubuntu3
7:4.4.1-3ubuntu5
7:4.4.2-0ubuntu0.22.04.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / ffmpeg

Package

Name
ffmpeg
Purl
pkg:deb/ubuntu/ffmpeg?arch=src?distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7:7.0.2-1ubuntu1

Affected versions

7:6.*

7:6.1.1-3ubuntu5
7:6.1.1-4ubuntu1
7:6.1.1-4ubuntu2
7:6.1.1-4ubuntu3
7:6.1.1-5ubuntu1
7:6.1.1-5ubuntu2
7:6.1.1-5ubuntu3

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "ffmpeg"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "ffmpeg-dbgsym"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "ffmpeg-doc"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "libavcodec-dev"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "libavcodec-extra"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "libavcodec-extra61"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "libavcodec-extra61-dbgsym"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "libavcodec61"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "libavcodec61-dbgsym"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "libavdevice-dev"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "libavdevice61"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "libavdevice61-dbgsym"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "libavfilter-dev"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "libavfilter-extra"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "libavfilter-extra10"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "libavfilter-extra10-dbgsym"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "libavfilter10"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "libavfilter10-dbgsym"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "libavformat-dev"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "libavformat-extra"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "libavformat-extra61"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "libavformat-extra61-dbgsym"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "libavformat61"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "libavformat61-dbgsym"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "libavutil-dev"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "libavutil59"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "libavutil59-dbgsym"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "libpostproc-dev"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "libpostproc58"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "libpostproc58-dbgsym"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "libswresample-dev"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "libswresample5"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "libswresample5-dbgsym"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "libswscale-dev"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "libswscale8"
        },
        {
            "binary_version": "7:7.0.2-1ubuntu1",
            "binary_name": "libswscale8-dbgsym"
        }
    ]
}

Ubuntu:24.04:LTS / ffmpeg

Package

Name
ffmpeg
Purl
pkg:deb/ubuntu/ffmpeg?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

7:6.*

7:6.0-6ubuntu1
7:6.0-9ubuntu1
7:6.1-2ubuntu1
7:6.1-3ubuntu1
7:6.1-4ubuntu1
7:6.1-5ubuntu1
7:6.1.1-1ubuntu1
7:6.1.1-3ubuntu1
7:6.1.1-3ubuntu5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}