8.8

CVE-2024-35365

FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FfmpegFfmpeg Version6.1.1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.67% 0.474
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-415 Double Free

The product calls free() twice on the same memory address.

https://gist.github.com/1047524396/d7d4ea8055b75c4a9f9bbcff31d21423
Third Party Advisory
https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/fftools/ffmpeg_mux_init.c#L886
Product
https://github.com/ffmpeg/ffmpeg/commit/ced5c5fdb8634d39ca9472a2026b2d2fea16c4e5
Patch