Lucene search

Ubuntu.comUB:CVE-2024-31582

HistoryApr 17, 2024 - 12:00 a.m.

CVE-2024-31582

2024-04-1700:00:00

ubuntu.com

cve-2024-31582

libavfilter

denial of service

crafted input

unix

AI Score

7.7

Confidence

High

EPSS

Percentile

10.3%

JSON

FFmpeg version n6.1 was discovered to contain a heap buffer overflow
vulnerability in the draw_block_rectangle function of
libavfilter/vf_codecview.c. This vulnerability allows attackers to cause
undefined behavior or a Denial of Service (DoS) via crafted input.

OSVersionArchitecturePackageVersionFilename
ubuntu23.10noarchffmpeg< 7:6.0-6ubuntu1.1UNKNOWN
ubuntu24.04noarchffmpeg< 7:6.1.1-3ubuntu5+esm1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	23.10	noarch	ffmpeg	< 7:6.0-6ubuntu1.1	UNKNOWN
ubuntu	24.04	noarch	ffmpeg	< 7:6.1.1-3ubuntu5+esm1	UNKNOWN

References

gist.github.com/1047524396/b47d5efe3bc420fb91dbb77c73c0fff3

github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavfilter/vf_codecview.c#L220

github.com/ffmpeg/ffmpeg/commit/99debe5f823f45a482e1dc08de35879aa9c74bd2

launchpad.net/bugs/cve/CVE-2024-31582

nvd.nist.gov/vuln/detail/CVE-2024-31582

security-tracker.debian.org/tracker/CVE-2024-31582

ubuntu.com/security/notices/USN-6803-1

www.cve.org/CVERecord?id=CVE-2024-31582