FFmpeg Security Update Advisory (CVE-2024-7272)

Overview

An update has been released to address vulnerabilities in FFmpeg. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-7272

  • FFmpeg versions up to and including 5.1.5

 

Resolved Vulnerabilities

Heap-based buffer overflow in the fill_audiodata function in the file /libswresample/swresample.c (CVE-2024-7272)

 

Vulnerability Patches

Patches for the following vulnerability have been made available in the latest update. Follow the instructions on the referenced sites to update to the latest patched version.

CVE-2024-7272

  • FFmpeg version: 5.1.6 or 6.0

References

[1] CVE-2024-7272 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-7272

[2] github/FFmpeg

https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc5

Article Link: FFmpeg Security Update Advisory (CVE-2024-7272) – ASEC