FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking.

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0567 advisory.

    Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:

    CVE-2023-51794:
    Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary     code via the libavfilter/af_stereowiden.c:120:69.

    CVE-2023-51791:
    Buffer Overflow vulenrability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary     code via the libavcodec/jpegxl_parser.c in gen_alias_map.

    CVE-2023-49501:
    Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary     code via the config_eq_output function in the libavfilter/asrc_afirsrc.c:495:30 component.

    CVE-2023-51793:
    Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary     code via the libavutil/imgutils.c:353:9 in image_copy_plane.

    CVE-2024-31581:
    FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in     libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers to cause undefined behavior     within the application.

    CVE-2024-31585:
    FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in     libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via     a crafted input.

    CVE-2024-31582:
    FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the     draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause     undefined behavior or a Denial of Service (DoS) via crafted input.

    CVE-2024-22860:
    Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code     via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder.

    CVE-2024-22861:
    Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS)     via the avcodec/osq module.

    CVE-2024-22862:
    Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code     via the JJPEG XL Parser.

    CVE-2023-46407:
    FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size     variable in the read_vlc_prefix() function.

    CVE-2024-32230:
    FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at     libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0

    CVE-2024-32228:
    FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavcodec/hevcdec.c:2947:22 in     hevc_frame_end.

    CVE-2024-32229:
    FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandshift.c:189:5 in copy_column.

    CVE-2023-50010:
    Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary     code via the set_encoder_id function in /fftools/ffmpeg_enc.c component.

    CVE-2023-49528:
    Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute     arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo     component.

    CVE-2023-51796:
    Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary     code via the libavfilter/f_reverse.c:269:26 in areverse_request_frame.

    CVE-2023-50009:
    Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary     code via the ff_gaussian_blur_8 function in libavfilter/edge_template.c:116:5 component.

    CVE-2023-51795:
    Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary     code via the libavfilter/avf_showspectrum.c:1789:52 component in showspectrumpic_request_frame

    CVE-2023-50008:
    Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary     code via the av_malloc function in libavutil/mem.c:105:9 component.

    CVE-2023-50007:
    Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary     code via theav_samples_set_silence function in thelibavutil/samplefmt.c:260:9 component.

    CVE-2023-49502:
    Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary     code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component.

    CVE-2023-51797:
    Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary     code via the libavfilter/avf_showwaves.c:722:24 in showwaves_filter_frame

    CVE-2023-51798:
    Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary     code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate.

    CVE-2024-35369:
    In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security     vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec     extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in     undefined behavior or crashes during the decoding process.

    CVE-2024-35366:
    FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c     within the libavformat module. When parsing certain options, the software does not adequately validate the     input. This allows for negative duration values to be accepted without proper bounds checking.

    CVE-2024-35365:
    FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of     FFmpeg, specifically within the new_stream_audio function.

    CVE-2024-36613:
    FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer     overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7823-1 advisory.

    It was discovered that FFmpeg did not correctly handle certain memory operations. An attacker could     possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected     Ubuntu 24.04 LTS. (CVE-2024-35365)

    It was discovered that FFmpeg did not correctly handle certain integer calculations. An attacker could     possibly use this issue to cause a denial of service. (CVE-2024-35366)

    It was discovered that FFmpeg may perform an out-of-bounds read under certain circumstances. An attacker     could possibly use this issue to cause a denial of service. (CVE-2024-35367)

    It was discovered that FFmpeg did not correctly handle certain memory operations. An attacker could     possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected     Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-35368)

    It was discovered that FFmpeg did not correctly handle certain inputs, which could lead to an integer     overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary     code. (CVE-2024-36613, CVE-2024-36616, CVE-2024-36618)

    It was discovered that FFmpeg did not correctly handle certain inputs, which could lead to an integer     overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary     code. This issue only affected Ubuntu 24.04 LTS. (CVE-2024-36619)

    It was discovered that FFmpeg did not correctly handle certain memory operations. A remote attacker could     possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected     Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-7055)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c     within the libavformat module. When parsing certain options, the software does not adequately validate the     input. This allows for negative duration values to be accepted without proper bounds checking.
    (CVE-2024-35366)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
276052	TencentOS Server 4: ffmpeg (TSSA-2024:0567)	Nessus	Tencent Local Security Checks	critical
270676	Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : FFmpeg vulnerabilities (USN-7823-1)	Nessus	Ubuntu Local Security Checks	medium
229207	Linux Distros Unpatched Vulnerability : CVE-2024-35366	Nessus	Misc.	critical

Detections

Analytics

CVE-2024-35366

critical

Tenable Plugins

critical

medium

critical