CVE-2024-35367
CVSS 3.1 Score 9.1 of 10 (high)
Details
Summary
CVE-2024-35367 is a newly disclosed vulnerability affecting FFmpeg version 6.1.1. The issue is an out-of-bounds read in the libavcodec/ppc/vp8dsp_altivec.c file, specifically in the h_subpel_filters_outer static const array. An attacker could exploit this vulnerability with a maliciously crafted video file, causing the application to read unintended memory data, which can result in unintended application behavior or crashes. Successful exploitation could allow for code injection or information disclosure, posing a significant threat to users exposed to such malicious media. Users should update to the latest version of FFmpeg as soon as possible to mitigate the risk of this vulnerability.
Affected Products
- FFmpeg