Bug 1223075 (CVE-2024-31581) - VUL-0: CVE-2024-31581: ffmpeg,ffmpeg-4: improper validation of array index in libavcodec/cbs_h266_syntax_template.c.
Summary: VUL-0: CVE-2024-31581: ffmpeg,ffmpeg-4: improper validation of array index in...
Status: RESOLVED INVALID
Alias: CVE-2024-31581
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P5 - None : Major
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/402500/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-31581:8.6:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-04-18 11:31 UTC by SMASH SMASH
Modified: 2024-04-19 09:40 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2024-04-18 11:31:33 UTC 
FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers to cause undefined behavior within the application.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-31581
https://www.cve.org/CVERecord?id=CVE-2024-31581
https://gist.github.com/1047524396/a7e9273e12553775826784035333cdd8
https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavcodec/cbs_h266_syntax_template.c#L2048
https://github.com/ffmpeg/ffmpeg/commit/ce0c178a408d43e71085c28a47d50dc939b60196
Comment 1 Camila Camargo de Matos 2024-04-18 11:35:47 UTC 
No codestreams are currently affected by this issue. The file containing the vulnerable code was only introduced in version 6.1, by commit [0], meaning, versions prior to 6.1 do not contain the affected code. The issue was fixed in 6.1.1, so openSUSE:Factory/ffmpeg-6 is also not currently affected.


[0] https://github.com/FFmpeg/FFmpeg/commit/dfc62fd1c6da6429bbd0eb3cbb6f3804e8fcb8ae