CVE-2024-35368

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: FFmpeg version n7.0

Description: The issue is related to a Double Free error in the rkmpp retrieve frame function within the libavcodec/rkmppdec.c file of the FFmpeg multimedia library. This error can be exploited by a remote attacker to execute arbitrary code.

Recommendations: For FFmpeg version n7.0, as a temporary workaround, consider disabling the rkmpp retrieve frame function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

BDU:2025-00006

CVE-2024-35368

DLA-4039-1

DSA-5985-1

MGASA-2025-0087

OESA-2024-2553

OESA-2024-2554

OESA-2024-2574

OESA-2024-2575

OESA-2024-2576

OPENSUSE-SU-2025:14849-1

OPENSUSE-SU-2025:14850-1

OPENSUSE-SU-2025:15010-1

OPENSUSE-SU-2025_0862-1

OPENSUSE-SU-2025_1128-1

OPENSUSE-SU-2025_1450-1

SUSE-SU-2025:0862-1

SUSE-SU-2025:1128-1

SUSE-SU-2025:1450-1

USN-7823-1

Affected Products

Astra Linux

Debian

Ffmpeg

Linuxmint

Red Os

Suse

Ubuntu

CVE-2024-35368

Weakness Enumeration

Related Identifiers

Affected Products

References · 107