CVE-2024-31585
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-31585
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-31585.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-31585
- Downstream
- Related
- Published
- 2024-04-17T19:15:08Z
- Modified
- 2025-10-16T06:12:44.895064Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- References
-
- https://gist.github.com/1047524396/dc2c64ffe0c3934a6176bcd2c5cf5656
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/
- https://github.com/FFmpeg/FFmpeg/commit/3061bf668feffc7c1f0b244205167b3b86da8015
- https://github.com/FFmpeg/FFmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80
- https://github.com/ffmpeg/ffmpeg/commit/ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06
- https://git.ffmpeg.org/gitweb/ffmpeg.git/blobdiff/aec67d3d7d2895bfea61aa1358d9d8e956f8615c..ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06:/libavfilter/avf_showspectrum.c
- https://git.ffmpeg.org/gitweb/ffmpeg.git/blobdiff/bf2d7b20ea1c7d15dcbaedd479f40295e5c83430..3061bf668feffc7c1f0b244205167b3b86da8015:/libavfilter/avf_showspectrum.c
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/
Affected packages
Git / git.ffmpeg.org/ffmpeg.git
Affected ranges
- Type
- GIT
- Repo
- https://git.ffmpeg.org/ffmpeg.git
- Events
- Type
- GIT
- Repo
- https://github.com/ffmpeg/ffmpeg
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixed
Affected versions
Other
N
n0.*
n0.11-dev
n0.12-dev
n0.8
n1.*
n1.1-dev
n1.2-dev
n1.3-dev
n2.*
n2.0
n2.1-dev
n2.2-dev
n2.3-dev
n2.4-dev
n2.5-dev
n2.6-dev
n2.7-dev
n2.8-dev
n2.9-dev
n3.*
n3.1-dev
n3.2-dev
n3.3-dev
n3.4-dev
n3.5-dev
n4.*
n4.1-dev
n4.2-dev
n4.3-dev
n4.4-dev
n4.5-dev
n5.*
n5.1-dev
n5.2-dev
n6.*
n6.1
n6.1-dev
n6.2-dev
Database specific
{
"vanir_signatures": [
{
"id": "CVE-2024-31585-08099229",
"signature_type": "Line",
"target": {
"file": "libavfilter/avf_showspectrum.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"33004810844507636286081940887998307160",
"240629155252156987622166283573511900722",
"53981932091477279342915581891250092416",
"239120919222719020887426976847955766108"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/ffmpeg/ffmpeg/commit/3061bf668feffc7c1f0b244205167b3b86da8015"
},
{
"id": "CVE-2024-31585-09912a50",
"signature_type": "Function",
"target": {
"file": "libavfilter/avf_showspectrum.c",
"function": "uninit"
},
"deprecated": false,
"digest": {
"length": 1501.0,
"function_hash": "275853421321304377230350950274173232445"
},
"signature_version": "v1",
"source": "https://github.com/ffmpeg/ffmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80"
},
{
"id": "CVE-2024-31585-0e3cc743",
"signature_type": "Line",
"target": {
"file": "libavfilter/avf_showspectrum.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"250532233617630525666009905044867022767",
"194582591958274878863209184836639564239",
"227125886964139068306798684359525009788",
"40860167497756141282452544977085166446",
"326348326651361237134608616963730923378",
"154273557118656779635079618854588554963",
"241606846815952780929768774717623257920",
"67319824489307266950063527132783653611",
"228516383350692131914323700304375399211",
"245436152201377792979986113436582207706",
"143699722123922216614110538188165980576",
"306379917006651681453983987768675175054",
"295457282195391662764968689487949667200",
"265569340028293789397355734375380009810",
"106893742699276585517912621613042015149",
"106828020190799482486142411174608799688",
"25704759226410402609445500067849050913",
"310379738612102410359831135143205885562",
"247934203642479604600207401908139406399",
"111905485109007306582292741892536245665",
"129798359628271940009015269257031155306",
"7081604456532196464350826583474232040",
"337356458146238461341601401798262327765",
"243834143172923746614423164475979690249",
"70418481661112592531239682396141613365",
"154829577219924623419563959108120085931",
"65567123329795840849857985849537737313",
"303177262638486277294531270427874452634",
"301703322554646559485556544349706546186",
"256979503608850930412982167122873879994",
"299952934514550512529882293827230584025",
"32501823974734762890683571086070068504",
"93177973709399544403419829438569230145",
"90786471257243737504591675892371621701",
"94011914189832907386675584114145845558",
"306723383863773597023355021261511473004",
"54195538040429664471698288816681239260",
"159374420741889739359195056586757402602",
"193806644736244063889764099187622505111",
"267198152436879007340538928878458744740",
"81875991850722112531568804455199345439",
"4085916443323496932767380374248342369",
"105561746031984592664938699462846615101",
"76087931201330097498123772488477618479",
"278691005488740019259084223170444378695",
"22401791163325166125254546151608785984",
"151028192679197481296948757561613093453",
"234607267632319265228374283402168028787",
"75515200356175784129632406698445823865",
"63049116340069989721551920397953736987",
"65163501723646798889586786304376239564",
"299518649980722952531926706038020778383",
"22327497942021027487320473168384666716",
"289840559285559536048459952440050167952",
"223576784291265079838493710114425656582",
"29694487222956653771456961965673921016",
"183116735891046150052197438894557719890",
"265368811490675528674392243467823441503",
"181756861584670553589118800213133243528",
"62581629934733616955533783054164499648",
"126296416006931555399214388662193686716",
"140679681336220295995554828171566347440",
"202509340766376707361383686119568983853",
"64800909931499484304489655145158408314",
"159478891854985605053507781041303577259",
"56878507645636051350068799062562746878",
"257179265152451424985524203781425180638",
"197831654425686442281256037598396944365",
"250804910745208697685221098563791665622",
"306253043406362381251100917172882585079",
"11432692103436598000648559338586983111",
"222207863861618326648639584653309770125",
"323620138187327537607305614189219706832",
"49792358454404042386797029963462785039",
"68862123158537131419311384008690315293",
"257604871655116864218729605859691911721",
"143634043165514579821718655515097201721",
"186106986779126889154764157050937179610",
"151522292588456309234477412434849005721",
"303514792429508531600704762798257981843",
"55783564622999452805582702747138205841",
"233950637175343161122656691897251755071",
"138000056004172336468877395478060330860",
"2187491675623441286097036565675740094",
"42716586235007452346547718673402707156",
"292632199909891051677796721233071147986",
"302156693264269974226983990626107147457",
"100585141979265542425509056723235311980",
"49935636710269788657906813307408330954",
"38765955685104945812533191404572052884",
"210827346167043240497468542753447261857",
"53030916757982481451674708548410210212",
"664071554938959622005801504923102651",
"237449347485015524143009837583016784532",
"110992335960826137281647999399619219537",
"131539426750128741106533015578609524278",
"56332281064249178318644783100600929396",
"255248721043799202394282588619373582355",
"246158774966933567985968506885556391788",
"16107803958027290568821941992261488295",
"100754875046808917963319541262181873012",
"39023771934203507955053523772098890546",
"206742092424235259523276152824431081718",
"29795666054093522200001082900431504819",
"218626082641524466535896593869319871922",
"25663616186130672631425575673222038463",
"11714727554792303155716761739253511107",
"198682352874119015339497580778030432980",
"250558317086638963163650166405739204866",
"9570040017366744206236898565866316548",
"339878222335651647215777735961627470369",
"324090555222761696570510828874497097627",
"266373531574948192397083648480428432235",
"179333219036868927002838049149409475484",
"68855119561916594754402829975855853856",
"97848681260013410882197308943542975195",
"23368829563728921410149992311037819509",
"143372520253043781213100281516072647881",
"310291683160564978288871201073184481027",
"159074032282968499208039728244362650765",
"25772380844906619271907953969310422538",
"185957640283375215816315376358104889014",
"242134988937918544634562137314594017548",
"281258745959129832511995159821857833941",
"60858381673747769902996496395501704221",
"104661545179304568684468592169585876346",
"227460343978213491619981547289562445252",
"159997843418105341563968368820207368613",
"246983540571454700844016261001949086117",
"202226273829331551157239758882435366633",
"154167605484695974908540064258935036200",
"298259087643816598693765932045449968720",
"212499118045782667657447262392654911366",
"148510978415296703264627968452401813770",
"140656618451013934609010123712459698256",
"113610989764517363275288683588563437561",
"138000056004172336468877395478060330860",
"180621336919910656610076127790645510287",
"218047422126170765890423527786070495246",
"191286382076754437535315723461220239224",
"96639018764523612035611772349933871239",
"135110596199196902433656616165752476099",
"180847897275252642685903867825514169702",
"287733776235741636517553297754987472179",
"213731164308240384735407773091690856201",
"198493662721281249805892604184566411221",
"255901871596336295849124747052588255812",
"164634229321366885449696088497656907861",
"277580431540105939972768179168115273824",
"303420011166713403484377146857848457115",
"21625154443344124184577473256066289703",
"80691949216117566420984336224286424189",
"194918456523563857353369462322893312646",
"315545749006326639746655626057958615302",
"271494451450679206235344626856166063540",
"140003512576265262039853190377914100060",
"62997903029683276164318802116564831954"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/ffmpeg/ffmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80"
},
{
"id": "CVE-2024-31585-22f60948",
"signature_type": "Function",
"target": {
"file": "libavfilter/avf_showspectrum.c",
"function": "activate"
},
"deprecated": false,
"digest": {
"length": 3209.0,
"function_hash": "43389215854740235017310413889448707456"
},
"signature_version": "v1",
"source": "https://github.com/ffmpeg/ffmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80"
},
{
"id": "CVE-2024-31585-51d1e00a",
"signature_type": "Function",
"target": {
"file": "libavfilter/avf_showspectrum.c",
"function": "showspectrumpic_request_frame"
},
"deprecated": false,
"digest": {
"length": 1862.0,
"function_hash": "299677327369700206077138911515669018881"
},
"signature_version": "v1",
"source": "https://github.com/ffmpeg/ffmpeg/commit/3061bf668feffc7c1f0b244205167b3b86da8015"
},
{
"id": "CVE-2024-31585-8208022b",
"signature_type": "Function",
"target": {
"file": "libavfilter/avf_showspectrum.c",
"function": "showspectrumpic_request_frame"
},
"deprecated": false,
"digest": {
"length": 1862.0,
"function_hash": "299677327369700206077138911515669018881"
},
"signature_version": "v1",
"source": "https://github.com/ffmpeg/ffmpeg/commit/ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06"
},
{
"id": "CVE-2024-31585-8aa3b92e",
"signature_type": "Function",
"target": {
"file": "libavfilter/avf_showspectrum.c",
"function": "showspectrumpic_request_frame"
},
"deprecated": false,
"digest": {
"length": 1695.0,
"function_hash": "226536095738575176497693434359181492851"
},
"signature_version": "v1",
"source": "https://github.com/ffmpeg/ffmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80"
},
{
"id": "CVE-2024-31585-8b6d649a",
"signature_type": "Function",
"target": {
"file": "libavfilter/avf_showspectrum.c",
"function": "run_channel_fft"
},
"deprecated": false,
"digest": {
"length": 3072.0,
"function_hash": "240087826172699288574849261300559284648"
},
"signature_version": "v1",
"source": "https://github.com/ffmpeg/ffmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80"
},
{
"id": "CVE-2024-31585-cd5d3834",
"signature_type": "Function",
"target": {
"file": "libavfilter/avf_showspectrum.c",
"function": "config_output"
},
"deprecated": false,
"digest": {
"length": 8223.0,
"function_hash": "111808552109293659856030158406063628659"
},
"signature_version": "v1",
"source": "https://github.com/ffmpeg/ffmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80"
},
{
"id": "CVE-2024-31585-cdeda172",
"signature_type": "Function",
"target": {
"file": "libavfilter/avf_showspectrum.c",
"function": "plot_spectrum_column"
},
"deprecated": false,
"digest": {
"length": 4366.0,
"function_hash": "65730801919738550572485403140693205865"
},
"signature_version": "v1",
"source": "https://github.com/ffmpeg/ffmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80"
},
{
"id": "CVE-2024-31585-e1104cf1",
"signature_type": "Function",
"target": {
"file": "libavfilter/avf_showspectrum.c",
"function": "showspectrumpic_filter_frame"
},
"deprecated": false,
"digest": {
"length": 258.0,
"function_hash": "100662805910983519715205790507976560538"
},
"signature_version": "v1",
"source": "https://github.com/ffmpeg/ffmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80"
},
{
"id": "CVE-2024-31585-f7d24682",
"signature_type": "Line",
"target": {
"file": "libavfilter/avf_showspectrum.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"33004810844507636286081940887998307160",
"240629155252156987622166283573511900722",
"53981932091477279342915581891250092416",
"239120919222719020887426976847955766108"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/ffmpeg/ffmpeg/commit/ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06"
}
]
}