PT-2024-10422 · FFmpeg

Published: 2024-02-12 · Updated: 2026-05-27 · CVE-2024-35366

CVSS v2.0: 9.4 (Critical)
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:C
Name of the Vulnerable Software and Affected Versions: FFmpeg version 6.1.1

Description: The issue is an integer overflow in the parse_options function of sbgdec.c in the libavformat module. Because the option parser performs inadequate input validation, negative duration values are accepted without proper bounds checking. A remote attacker may exploit the resulting buffer copy without input validation to cause a denial of service.

Recommendations: For FFmpeg version 6.1.1, consider disabling the parse_options function in the sbgdec.c component of the libavformat module as a temporary workaround until a patch is available. Restrict access to the libavformat module to minimize the risk of exploitation. Avoid using the affected module to parse options that may yield negative duration values until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

DoS
Integer Overflow
Buffer Overflow

Related Identifiers

BDU:2025-00954
CVE-2024-35366
DSA-5712-1
DSA-5721-1
OESA-2024-2498
OPENSUSE-SU-2026:10866-1
OPENSUSE-SU-2026:10867-1
OPENSUSE-SU-2026:20855-1
USN-7823-1

Affected Products

Astra Linux
Ffmpeg
Linuxmint
Red Os
Ubuntu