CVE-2024-31585

Publication date 17 April 2024

Last updated 24 July 2024

Ubuntu priority

FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
ffmpeg	24.04 LTS noble	Not affected
	23.10 mantic	Fixed 7:6.0-6ubuntu1.1
	22.04 LTS jammy	Not affected
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-6803-1
FFmpeg vulnerabilities
30 May 2024

Other references

https://www.cve.org/CVERecord?id=CVE-2024-31585
https://github.com/ffmpeg/ffmpeg/commit/ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06
https://github.com/FFmpeg/FFmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80
https://gist.github.com/1047524396/dc2c64ffe0c3934a6176bcd2c5cf5656