Bug 1223075 (CVE-2024-31581)

Summary: VUL-0: CVE-2024-31581: ffmpeg,ffmpeg-4: improper validation of array index in libavcodec/cbs_h266_syntax_template.c.
Product: [Novell Products] SUSE Security Incidents
Reporter: SMASH SMASH <smash_bz>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED INVALID
QA Contact: Security Team bot <security-team>
Severity: Major
Priority: P5 - None
CC: camila.matos, qzhao
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/402500/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-31581:8.6:(AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description SMASH SMASH 2024-04-18 11:31:33 UTC
FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers to cause undefined behavior within the application.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-31581
https://www.cve.org/CVERecord?id=CVE-2024-31581
https://gist.github.com/1047524396/a7e9273e12553775826784035333cdd8
https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavcodec/cbs_h266_syntax_template.c#L2048
https://github.com/ffmpeg/ffmpeg/commit/ce0c178a408d43e71085c28a47d50dc939b60196

Comment 1 Camila Camargo de Matos 2024-04-18 11:35:47 UTC
No codestreams are currently affected by this issue. The file containing the vulnerable code was only introduced in version 6.1, by commit [0], meaning versions prior to 6.1 do not contain the affected code. The issue was fixed in 6.1.1, so openSUSE:Factory/ffmpeg-6 is also not currently affected.


[0] https://github.com/FFmpeg/FFmpeg/commit/dfc62fd1c6da6429bbd0eb3cbb6f3804e8fcb8ae