CVE-2024-7055

Name
CVE-2024-7055
Description
A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.
NVD Severity
medium

References

Type | URI
vdb-entry | https://vuldb.com/?id.273651
signature | https://vuldb.com/?ctiid.273651
third-party-advisory | https://vuldb.com/?submit.376532
exploit | https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc3
patch | https://ffmpeg.org/download.html
product | https://ffmpeg.org/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2024/10/msg00019.html

Match rules

CPE URI | Source package | Min version | Max version
 | ffmpeg | == 7.0.0 | == 7.0.0
 | ffmpeg | == 7.0.1 | == 7.0.1

Vulnerable and fixed packages

Source package | Branch | Version | Maintainer | Status
ffmpeg | edge-community | 7.1.1-r0 | Achill Gilgenast <achill@achill.org> | fixed