CVE-2024-35366

CRITICAL Year: 2024
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-190
View all →

Vulnerability Description

FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking.

Related Vulnerabilities

CVE-2015-2310

CRITICAL
CVSS:9.1(Critical)

Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service or possibly obtain sensitive information from memory vi...

CWE-1902015

CVE-2017-2782

CRITICAL
CVSS:9.1(Critical)

An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, le...

CWE-1902017

CVE-2019-16127

CRITICAL
CVSS:9.1(Critical)

Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow.

CWE-1902019

CVE-2020-36242

CRITICAL
CVSS:9.1(Critical)

In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated...

CWE-1902020

CVE-2021-32714

CRITICAL
CVSS:9.1(Critical)

hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This ...

CWE-1902021

CVE-2021-3402

CRITICAL
CVSS:9.1(Critical)

An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure vi...

CWE-1902021