Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-7055— FFmpeg pnmdec.c pnm_decode_frame heap-based overflow

CVSS 6.3 · Medium EPSS 0.12% · P31
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-7055

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
FFmpeg pnmdec.c pnm_decode_frame heap-based overflow
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
堆缓冲区溢出
Source: NVD (National Vulnerability Database)
Vulnerability Title
FFmpeg 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
FFmpeg是FFmpeg团队的一套可录制、转换以及流化音视频的完整解决方案。 FFmpeg 7.0.1版本及之前版本存在安全漏洞,该漏洞源于库/libavcodec/pnmdec.c中的pnm_decode_frame函数会导致基于堆的缓冲区溢出。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-FFmpeg 7.0.0 -

II. Public POCs for CVE-2024-7055

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-7055

登录查看更多情报信息。

Same Patch Batch · n/a · 2024-08-06 · 20 CVEs total

CVE-2024-75526.3 MEDIUMDataGear Data Schema Page ConversionSqlParamValueMapper.java evaluateVariableExpression ex
CVE-2024-40101Microweber 安全漏洞
CVE-2024-42219AgileBits 1Password For Mac 安全漏洞
CVE-2024-42218AgileBits 1Password For Mac 安全漏洞
CVE-2024-28739Koha 安全漏洞
CVE-2024-28740Koha 安全漏洞
CVE-2024-41270Gorush 安全漏洞
CVE-2024-39227GL.iNet多款产品 安全漏洞
CVE-2024-39229GL.iNet多款产品 安全漏洞
CVE-2023-40819Devlop ID4Portais 安全漏洞
CVE-2024-36424K7 Computing Ultimate Security 安全漏洞
CVE-2024-33897HMS Cosy+ 安全漏洞
CVE-2024-30170PrivX 安全漏洞
CVE-2024-41616D-Link DIR-300 安全漏洞
CVE-2024-41333PHPGurukul Tourism Management System 安全漏洞
CVE-2024-41226Automation Anywhere Automation 360 安全漏洞
CVE-2024-39225GL.iNet多款产品 安全漏洞
CVE-2024-39226GL.iNet多款产品 安全漏洞
CVE-2024-39228GL.iNet多款产品 安全漏洞

IV. Related Vulnerabilities

Same product: FFmpeg
Same vendor: n/a
Same weakness: CWE-122

V. Comments for CVE-2024-7055

No comments yet

Leave a comment