CVERadar

CVE-2024-35365

Medium Severity

SVRS

34/100

CVSSv3

8.8/10

EPSS

0.00077/1

CVE-2024-35365 is a double-free vulnerability affecting FFmpeg version n6.1.1, potentially leading to application crashes or arbitrary code execution. The flaw lies in the new_stream_audio function within fftools/ffmpeg_mux_init.c. Though its CVSS score is 8.8, SOCRadar's Vulnerability Risk Score (SVRS) is 34, indicating a lower level of immediate risk compared to vulnerabilities with SVRS scores above 80.

However, because it is tagged as "In The Wild", administrators should monitor the vulnerability and apply patches as soon as they are available. A double-free vulnerability allows an attacker to potentially corrupt memory, leading to instability. This is especially critical in applications like FFmpeg that are widely used in media processing and streaming. While the SVRS is not critical, the inherent danger of memory corruption vulnerabilities should be carefully considered. Failing to patch can potentially result in significant security breaches and operational disruptions.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

News

CVE-2024-35365 | FFmpeg 6.1.1 ffmpeg_mux_init.c new_stream_audio double free

vuldb.com2025-01-04

CVE-2024-35365 | FFmpeg 6.1.1 ffmpeg_mux_init.c new_stream_audio double free | A vulnerability was found in FFmpeg 6.1.1. It has been classified as critical. This affects the function new_stream_audio of the file fftools/ffmpeg_mux_init.c. The manipulation leads to double free. This vulnerability is uniquely identified as CVE-2024-35365. It is possible to initiate the

vuldb.com

rss

forum

news

Social Media

CVE

@CVEnew

2025-01-03

CVE-2024-35365 FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function. https://t.co/pU6f2Urfcd

Affected Software

No affected software found for this CVE

References

Reference	Link
[email protected]	https://gist.github.com/1047524396/d7d4ea8055b75c4a9f9bbcff31d21423
[email protected]	https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/fftools/ffmpeg_mux_init.c#L886
[email protected]	https://github.com/ffmpeg/ffmpeg/commit/ced5c5fdb8634d39ca9472a2026b2d2fea16c4e5

CWE Details

CWE ID	CWE Name	Description
CWE-415	Double Free	The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence