PT-2024-6072 · FFmpeg+4 · Ffmpeg+4

Published: 2024-01-04 · Updated: 2025-11-21 · CVE-2024-31582

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FFmpeg version n6.1

Description

The issue is a heap buffer overflow in the draw_block_rectangle function of libavfilter/vf_codecview.c. It allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input. The vulnerability may also enable attackers to access confidential data, compromise its integrity, and cause a service disruption using specially crafted input.

Recommendations

For FFmpeg version n6.1, consider disabling the draw_block_rectangle function in libavfilter/vf_codecview.c as a temporary workaround until a patch is available. Restrict access to the libavfilter/vf_codecview.c module to minimize the risk of exploitation. Avoid processing crafted input that may trigger the heap buffer overflow until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2024-06896
CVE-2024-31582
DSA-5985-1
MGASA-2025-0306
OPENSUSE-SU-2024:13888-1
OPENSUSE-SU-2024:13895-1
USN-6803-1

Affected Products

Astra Linux
Debian
Ffmpeg
Linuxmint
Ubuntu