PT-2024-8345 · FFmpeg+5 · Ffmpeg+5

Cookedmelon · Published 2024-08-06 · Updated 2025-10-15 · CVE-2024-7055

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FFmpeg versions up to 7.0.1

Description

A critical issue has been found in the function pnm_decode_frame() in the file /libavcodec/pnmdec.c, which can lead to a heap-based buffer overflow. It can be exploited remotely via a crafted PNM image, potentially allowing remote code execution. The issue can also cause a denial of service.

Recommendations

For FFmpeg versions up to 7.0.1, upgrade to version 7.0.2 to address this issue. As a temporary workaround, consider restricting the use of the pnm_decode_frame() function until a patch is applied. Avoid using the affected component with untrusted input to minimize the risk of exploitation.

Exploit

Fix

Memory Corruption

Heap Based Buffer Overflow


Weakness Enumeration

Related Identifiers

ALT-PU-2024-10865
ALT-PU-2024-10869
ALT-PU-2024-10871
ALT-PU-2024-10873
ALT-PU-2024-12802
BDU:2024-09901
CVE-2024-7055
DLA-3928-1
DSA-5748-1
MGASA-2024-0283
OESA-2024-2075
OPENSUSE-SU-2024:14339-1
OPENSUSE-SU-2024:14343-1
OPENSUSE-SU-2024:14344-1
OPENSUSE-SU-2024:14384-1
OPENSUSE-SU-2024_3301-1
OPENSUSE-SU-2024_3358-1
OPENSUSE-SU-2025_0862-1
SUSE-SU-2024:3301-1
SUSE-SU-2024:3358-1
SUSE-SU-2025:0862-1
USN-7823-1

Affected Products

Alt Linux
Astra Linux
Ffmpeg
Linuxmint
Suse
Ubuntu