CVE-2024-7055

Publication date 6 August 2024

Last updated 7 August 2024

Ubuntu priority

A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
ffmpeg	24.04 LTS noble	Vulnerable
	22.04 LTS jammy	Vulnerable
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
libav	24.04 LTS noble	Not in release
	22.04 LTS jammy	Not in release
	20.04 LTS focal	Not in release
	14.04 LTS trusty	Needs evaluation

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2024-7055
https://vuldb.com/?id.273651
https://vuldb.com/?ctiid.273651
https://vuldb.com/?submit.376532
https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc3
https://ffmpeg.org/download.html
https://ffmpeg.org/