Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-35369

In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in undefined behavior or crashes during the decoding process.

Published

2024-11-29T17:15:07.707

Last Modified

2025-06-03T16:06:20.667

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-190

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ffmpeg	ffmpeg	6.1.1	Yes

References

https://gist.github.com/1047524396/455093807666f2e351d674750c8cd0b8 Third Party Advisory ([email protected])
https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavcodec/speexdec.c#L1423 Product ([email protected])
https://github.com/ffmpeg/ffmpeg/commit/0895ef0d6d6406ee6cd158fc4d47d80f201b8e9c Patch ([email protected])