PT-2024-5661 · FFmpeg+1 · Ffmpeg+1

Published 2024-08-08 · Updated 2026-03-17

CVE-2024-7272

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

FFmpeg versions up to 5.1.5

Description

A critical issue affects the function fill_audiodata of the file /libswresample/swresample.c, leading to a heap-based buffer overflow. This can be exploited remotely. The issue was fixed in version 6.0, but a backport for 5.1 was forgotten. The exploit has been disclosed publicly and may be used. Upgrading to version 5.1.6 or 6.0 can address this issue.

Recommendations

To resolve the issue, upgrade to FFmpeg version 5.1.6 or 6.0. As a temporary workaround, consider restricting access to the fill_audiodata function in the /libswresample/swresample.c file until a patch is applied.

Exploit

Fix

Heap Based Buffer Overflow

Memory Corruption


Weakness Enumeration

Related Identifiers

BDU:2024-06374
CVE-2024-7272
DSA-5748-1
MGASA-2024-0283
OPENSUSE-SU-2024:14290-1

Affected Products

Astra Linux
Ffmpeg