CVE-2024-35369: Integer Overflow
First published: Fri Nov 29 2024(Updated: )
In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in undefined behavior or crashes during the decoding process.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FFmpeg |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-35369?
CVE-2024-35369 has a moderate severity rating due to its potential to cause integer overflow vulnerabilities.
How do I fix CVE-2024-35369?
To fix CVE-2024-35369, it is recommended to upgrade to the latest version of FFmpeg that addresses this vulnerability.
What software is affected by CVE-2024-35369?
CVE-2024-35369 affects FFmpeg version n6.1.1 in the avcodec/speexdec.c module.
What type of vulnerability is CVE-2024-35369?
CVE-2024-35369 is a security vulnerability caused by insufficient parameter validation that may lead to integer overflow.
Can CVE-2024-35369 lead to code execution?
Yes, CVE-2024-35369 may potentially result in undefined behavior, which could lead to code execution under certain conditions.
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- collector/nvd-api
- source/NVD
- agent/author
- agent/last-modified-date
- agent/severity
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/ffmpeg
- canonical/ffmpeg