Bug 2275840 (CVE-2024-31578, CVE-2024-31581, CVE-2024-31582, CVE-2024-31585) - CVE-2024-31581 CVE-2024-31578 CVE-2024-31582 CVE-2024-31585 ffmpeg: multiple vulnerabilities
Keywords:
Status: NEW
Alias: CVE-2024-31578, CVE-2024-31581, CVE-2024-31582, CVE-2024-31585
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2275842 2275843 2275844 2275845 2275841
Blocks:
Reported: 2024-04-18 02:25 UTC by Patrick Del Bello
Modified: 2024-04-18 02:25 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:


Description Patrick Del Bello 2024-04-18 02:25:07 UTC
CVE-2024-31578
FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.

https://gist.github.com/1047524396/45400cce5859d78dcd3a62010df8d179
https://github.com/ffmpeg/ffmpeg/commit/3bb00c0a420c3ce83c6fafee30270d69622ccad7

-

CVE-2024-31585
FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

https://gist.github.com/1047524396/dc2c64ffe0c3934a6176bcd2c5cf5656
https://github.com/FFmpeg/FFmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80
https://github.com/ffmpeg/ffmpeg/commit/ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06

-

CVE-2024-31582
FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input.

https://gist.github.com/1047524396/b47d5efe3bc420fb91dbb77c73c0fff3
https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavfilter/vf_codecview.c#L220
https://github.com/ffmpeg/ffmpeg/commit/99debe5f823f45a482e1dc08de35879aa9c74bd2

-

CVE-2024-31581
FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers to cause undefined behavior within the application.

https://gist.github.com/1047524396/a7e9273e12553775826784035333cdd8
https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavcodec/cbs_h266_syntax_template.c#L2048
https://github.com/ffmpeg/ffmpeg/commit/ce0c178a408d43e71085c28a47d50dc939b60196

Comment 1 Patrick Del Bello 2024-04-18 02:25:36 UTC
Created chromium tracking bugs for this issue:

Affects: epel-all [bug 2275841]


Created ffmpeg tracking bugs for this issue:

Affects: fedora-all [bug 2275843]


Created qt5-qtwebengine tracking bugs for this issue:

Affects: epel-all [bug 2275842]
Affects: fedora-all [bug 2275844]


Created qt6-qtwebengine tracking bugs for this issue:

Affects: fedora-all [bug 2275845]

