CVE-2024-35368
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-35368 is a newly disclosed vulnerability that impacts FFmpeg version 7.0. The issue resides in the rkmppdec.c file of the libavcodec component, specifically in the rkmpp_retrieve_frame function. This vulnerability is classified as a Double Free, meaning that an attacker can manipulate the software to free the same memory block twice, resulting in unpredictable behavior or crashes. Successful exploitation of this vulnerability may allow attackers to execute arbitrary code or cause the affected system to fail, potentially leading to significant consequences if left unpatched. System administrators are strongly advised to update their FFmpeg installations to the latest version as soon as possible to mitigate this risk.
Affected Products
- FFmpeg
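To check whether a host's FFmpeg build matches what the summary above lists (version 7.0 with the Rockchip MPP decoders from rkmppdec.c compiled in), the following is an added example, not code from this advisory or from the FFmpeg project. The function names and result labels are assumptions of this example, and it treats only the exact version 7.0 (optionally with an "n" tag prefix or a packaging suffix) as listed, since that is the only version the page names.

```shell
#!/bin/sh
# Exposure check for CVE-2024-35368 (FFmpeg 7.0, libavcodec/rkmppdec.c).
# Added example; function names and result labels are hypothetical.

# Print the version token from the first line of `ffmpeg -version` (stdin).
ffmpeg_version() {
    sed -n '1s/^ffmpeg version \([^ ]*\).*/\1/p'
}

# Succeed if the token is exactly 7.0, allowing a leading "n" (release tag
# style) and a packaging suffix such as "-1ubuntu2". 7.0.1 does not match.
is_listed_version() {
    case "$1" in
        7.0|n7.0|7.0[-+~]*|n7.0[-+~]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed if `ffmpeg -decoders` output (stdin) lists a Rockchip MPP decoder
# (h264_rkmpp, hevc_rkmpp, vp8_rkmpp, vp9_rkmpp), i.e. rkmppdec.c is built in.
has_rkmpp() {
    grep -Eq '[[:space:]][a-z0-9]+_rkmpp([[:space:]]|$)'
}

# $1 = text of `ffmpeg -version`, $2 = text of `ffmpeg -decoders`.
assess() {
    _ver=$(printf '%s\n' "$1" | ffmpeg_version)
    if ! is_listed_version "$_ver"; then
        echo "version-not-listed:$_ver"
    elif printf '%s\n' "$2" | has_rkmpp; then
        echo "affected-code-present:$_ver"
    else
        echo "listed-version-without-rkmpp:$_ver"
    fi
}

# Run against the local binary when one is installed.
if command -v ffmpeg >/dev/null 2>&1; then
    assess "$(ffmpeg -version 2>/dev/null)" \
           "$(ffmpeg -hide_banner -decoders 2>/dev/null)"
fi
```

This inspects only the `ffmpeg` binary on the PATH; software that bundles its own libavcodec needs the same check against its bundled copy.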