PT-2024-6292 · FFmpeg+5 · Ffmpeg+5

Zeng Yunxiang

Published

2024-04-06

Updated

2025-03-14

CVE-2024-32230

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions FFmpeg version 7.0

Description The issue is related to the load input picture function in the FFmpeg multimedia library, which involves copying a buffer without checking the size of the input data. This can allow an attacker to execute arbitrary code. A negative-size-param bug is present at libavcodec/mpegvideo enc.c:1216:21 in the load input picture function.

Recommendations For FFmpeg version 7.0, consider disabling the load input picture function until a patch is available to prevent potential exploitation. Restrict access to the libavcodec/mpegvideo enc.c module to minimize the risk of exploitation. Avoid using the load input picture function in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

BDU:2024-07240

CVE-2024-32230

DSA-5712-1

DSA-5721-1

OESA-2024-1873

OESA-2024-1874

OESA-2024-1875

OESA-2024-1876

OESA-2024-1877

OPENSUSE-SU-2024:14097-1

OPENSUSE-SU-2024:14221-1

OPENSUSE-SU-2024:14226-1

OPENSUSE-SU-2024:14231-1

OPENSUSE-SU-2025_0862-1

SUSE-SU-2024:2803-1

SUSE-SU-2024:2814-1

SUSE-SU-2024:2864-1

SUSE-SU-2024_2814-1

SUSE-SU-2025:0862-1

USN-6983-1

Affected Products

Astra Linux

Ffmpeg

Linuxmint

Red Os

Suse

Ubuntu

PT-2024-6292 · FFmpeg+5 · Ffmpeg+5

CVE-2024-32230

Weakness Enumeration

Related Identifiers

Affected Products

References · 82