CVE-2024-35367 — CRITICAL (9.1)

Vulnerability Description

FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ffmpeg	Ffmpeg	6.1.1

Related Weaknesses (CWE)

CWE-125

References

https://gist.github.com/1047524396/9754a44845578358f6a403447c458ca4Third Party Advisory
https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavcodec/ppc/vp8dsp_altivec.c#L53Product
https://github.com/ffmpeg/ffmpeg/commit/09e6840cf7a3ee07a73c3ae88a020bf27ca1a667Patch
https://lists.debian.org/debian-lts-announce/2025/02/msg00000.html

FAQ

What is CVE-2024-35367?

CVE-2024-35367 is a vulnerability with a CVSS score of 9.1 (CRITICAL). FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer

How severe is CVE-2024-35367?

CVE-2024-35367 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-35367?

Check the references section above for vendor advisories and patch information. Affected products include: Ffmpeg Ffmpeg.