Ubuntu.comUB:CVE-2024-22860CVE-2024-22860
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
57.3%
Integer overflow vulnerability in FFmpeg before n6.1, allows remote
attackers to execute arbitrary code via the jpegxl_anim_read_packet
component in the JPEG XL Animation decoder.
References
bugs.chromium.org/p/oss-fuzz/issues/detail?id=61991
github.com/FFmpeg/FFmpeg/commit/d2e8974699a9e35cc1a926bf74a972300d629cd5
github.com/FFmpeg/FFmpeg/commit/d2e8974699a9e35cc1a926bf74a972300d629cd5 (n6.1)
launchpad.net/bugs/cve/CVE-2024-22860
nvd.nist.gov/vuln/detail/CVE-2024-22860
security-tracker.debian.org/tracker/CVE-2024-22860
www.cve.org/CVERecord?id=CVE-2024-22860
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
57.3%