Vulnerability Description
A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to a heap-based buffer overflow. It is possible to initiate the attack remotely. This issue was fixed in version 6.0 by commit 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6, but a backport for 5.1 was forgotten. The exploit has been disclosed to the public and may be used. Upgrading to version 5.1.6, or to version 6.0 with commit 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6, addresses this issue. It is recommended to upgrade the affected component.
CVSS Score
6.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ffmpeg | Ffmpeg | < 5.1.6 |
Related Weaknesses (CWE)
References
- https://ffmpeg.org/ (Product)
- https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc5 (Exploit)
- https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc6 (Not Applicable)
- https://vuldb.com/?ctiid.273945 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.273945 (Permissions Required, VDB Entry)
FAQ
What is CVE-2024-7272?
CVE-2024-7272 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to a heap-bas...
How severe is CVE-2024-7272?
CVE-2024-7272 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS score section above for the severity rating.
Is there a patch for CVE-2024-7272?
Check the references section above for vendor advisories and patch information. The description above names the fix: upgrade to version 5.1.6, or to version 6.0 with commit 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6. Affected products include: Ffmpeg Ffmpeg (versions below 5.1.6).