FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
{ "vanir_signatures": [ { "id": "CVE-2024-31585-08099229", "signature_type": "Line", "target": { "file": "libavfilter/avf_showspectrum.c" }, "deprecated": false, "digest": { "line_hashes": [ "33004810844507636286081940887998307160", "240629155252156987622166283573511900722", "53981932091477279342915581891250092416", "239120919222719020887426976847955766108" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://github.com/ffmpeg/ffmpeg/commit/3061bf668feffc7c1f0b244205167b3b86da8015" }, { "id": "CVE-2024-31585-09912a50", "signature_type": "Function", "target": { "file": "libavfilter/avf_showspectrum.c", "function": "uninit" }, "deprecated": false, "digest": { "length": 1501.0, "function_hash": "275853421321304377230350950274173232445" }, "signature_version": "v1", "source": "https://github.com/ffmpeg/ffmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80" }, { "id": "CVE-2024-31585-0e3cc743", "signature_type": "Line", "target": { "file": "libavfilter/avf_showspectrum.c" }, "deprecated": false, "digest": { "line_hashes": [ "250532233617630525666009905044867022767", "194582591958274878863209184836639564239", "227125886964139068306798684359525009788", "40860167497756141282452544977085166446", "326348326651361237134608616963730923378", "154273557118656779635079618854588554963", "241606846815952780929768774717623257920", "67319824489307266950063527132783653611", "228516383350692131914323700304375399211", "245436152201377792979986113436582207706", "143699722123922216614110538188165980576", "306379917006651681453983987768675175054", "295457282195391662764968689487949667200", "265569340028293789397355734375380009810", "106893742699276585517912621613042015149", "106828020190799482486142411174608799688", "25704759226410402609445500067849050913", "310379738612102410359831135143205885562", "247934203642479604600207401908139406399", "111905485109007306582292741892536245665", "129798359628271940009015269257031155306", "7081604456532196464350826583474232040", "337356458146238461341601401798262327765", "243834143172923746614423164475979690249", "70418481661112592531239682396141613365", "154829577219924623419563959108120085931", "65567123329795840849857985849537737313", "303177262638486277294531270427874452634", "301703322554646559485556544349706546186", "256979503608850930412982167122873879994", "299952934514550512529882293827230584025", "32501823974734762890683571086070068504", "93177973709399544403419829438569230145", "90786471257243737504591675892371621701", "94011914189832907386675584114145845558", "306723383863773597023355021261511473004", "54195538040429664471698288816681239260", "159374420741889739359195056586757402602", "193806644736244063889764099187622505111", "267198152436879007340538928878458744740", "81875991850722112531568804455199345439", "4085916443323496932767380374248342369", "105561746031984592664938699462846615101", "76087931201330097498123772488477618479", "278691005488740019259084223170444378695", "22401791163325166125254546151608785984", "151028192679197481296948757561613093453", "234607267632319265228374283402168028787", "75515200356175784129632406698445823865", "63049116340069989721551920397953736987", "65163501723646798889586786304376239564", "299518649980722952531926706038020778383", "22327497942021027487320473168384666716", "289840559285559536048459952440050167952", "223576784291265079838493710114425656582", "29694487222956653771456961965673921016", "183116735891046150052197438894557719890", "265368811490675528674392243467823441503", "181756861584670553589118800213133243528", "62581629934733616955533783054164499648", "126296416006931555399214388662193686716", "140679681336220295995554828171566347440", "202509340766376707361383686119568983853", "64800909931499484304489655145158408314", "159478891854985605053507781041303577259", "56878507645636051350068799062562746878", "257179265152451424985524203781425180638", "197831654425686442281256037598396944365", "250804910745208697685221098563791665622", "306253043406362381251100917172882585079", "11432692103436598000648559338586983111", "222207863861618326648639584653309770125", "323620138187327537607305614189219706832", "49792358454404042386797029963462785039", "68862123158537131419311384008690315293", "257604871655116864218729605859691911721", "143634043165514579821718655515097201721", "186106986779126889154764157050937179610", "151522292588456309234477412434849005721", "303514792429508531600704762798257981843", "55783564622999452805582702747138205841", "233950637175343161122656691897251755071", "138000056004172336468877395478060330860", "2187491675623441286097036565675740094", "42716586235007452346547718673402707156", "292632199909891051677796721233071147986", "302156693264269974226983990626107147457", "100585141979265542425509056723235311980", "49935636710269788657906813307408330954", "38765955685104945812533191404572052884", "210827346167043240497468542753447261857", "53030916757982481451674708548410210212", "664071554938959622005801504923102651", "237449347485015524143009837583016784532", "110992335960826137281647999399619219537", "131539426750128741106533015578609524278", "56332281064249178318644783100600929396", "255248721043799202394282588619373582355", "246158774966933567985968506885556391788", "16107803958027290568821941992261488295", "100754875046808917963319541262181873012", "39023771934203507955053523772098890546", "206742092424235259523276152824431081718", "29795666054093522200001082900431504819", "218626082641524466535896593869319871922", "25663616186130672631425575673222038463", "11714727554792303155716761739253511107", "198682352874119015339497580778030432980", "250558317086638963163650166405739204866", "9570040017366744206236898565866316548", "339878222335651647215777735961627470369", "324090555222761696570510828874497097627", "266373531574948192397083648480428432235", "179333219036868927002838049149409475484", "68855119561916594754402829975855853856", "97848681260013410882197308943542975195", "23368829563728921410149992311037819509", "143372520253043781213100281516072647881", "310291683160564978288871201073184481027", "159074032282968499208039728244362650765", "25772380844906619271907953969310422538", "185957640283375215816315376358104889014", "242134988937918544634562137314594017548", "281258745959129832511995159821857833941", "60858381673747769902996496395501704221", "104661545179304568684468592169585876346", "227460343978213491619981547289562445252", "159997843418105341563968368820207368613", "246983540571454700844016261001949086117", "202226273829331551157239758882435366633", "154167605484695974908540064258935036200", "298259087643816598693765932045449968720", "212499118045782667657447262392654911366", "148510978415296703264627968452401813770", "140656618451013934609010123712459698256", "113610989764517363275288683588563437561", "138000056004172336468877395478060330860", "180621336919910656610076127790645510287", "218047422126170765890423527786070495246", "191286382076754437535315723461220239224", "96639018764523612035611772349933871239", "135110596199196902433656616165752476099", "180847897275252642685903867825514169702", "287733776235741636517553297754987472179", "213731164308240384735407773091690856201", "198493662721281249805892604184566411221", "255901871596336295849124747052588255812", "164634229321366885449696088497656907861", "277580431540105939972768179168115273824", "303420011166713403484377146857848457115", "21625154443344124184577473256066289703", "80691949216117566420984336224286424189", "194918456523563857353369462322893312646", "315545749006326639746655626057958615302", "271494451450679206235344626856166063540", "140003512576265262039853190377914100060", "62997903029683276164318802116564831954" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://github.com/ffmpeg/ffmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80" }, { "id": "CVE-2024-31585-22f60948", "signature_type": "Function", "target": { "file": "libavfilter/avf_showspectrum.c", "function": "activate" }, "deprecated": false, "digest": { "length": 3209.0, "function_hash": "43389215854740235017310413889448707456" }, "signature_version": "v1", "source": "https://github.com/ffmpeg/ffmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80" }, { "id": "CVE-2024-31585-51d1e00a", "signature_type": "Function", "target": { "file": "libavfilter/avf_showspectrum.c", "function": "showspectrumpic_request_frame" }, "deprecated": false, "digest": { "length": 1862.0, "function_hash": "299677327369700206077138911515669018881" }, "signature_version": "v1", "source": "https://github.com/ffmpeg/ffmpeg/commit/3061bf668feffc7c1f0b244205167b3b86da8015" }, { "id": "CVE-2024-31585-8208022b", "signature_type": "Function", "target": { "file": "libavfilter/avf_showspectrum.c", "function": "showspectrumpic_request_frame" }, "deprecated": false, "digest": { "length": 1862.0, "function_hash": "299677327369700206077138911515669018881" }, "signature_version": "v1", "source": "https://github.com/ffmpeg/ffmpeg/commit/ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06" }, { "id": "CVE-2024-31585-8aa3b92e", "signature_type": "Function", "target": { "file": "libavfilter/avf_showspectrum.c", "function": "showspectrumpic_request_frame" }, "deprecated": false, "digest": { "length": 1695.0, "function_hash": "226536095738575176497693434359181492851" }, "signature_version": "v1", "source": "https://github.com/ffmpeg/ffmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80" }, { "id": "CVE-2024-31585-8b6d649a", "signature_type": "Function", "target": { "file": "libavfilter/avf_showspectrum.c", "function": "run_channel_fft" }, "deprecated": false, "digest": { "length": 3072.0, "function_hash": "240087826172699288574849261300559284648" }, "signature_version": "v1", "source": "https://github.com/ffmpeg/ffmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80" }, { "id": "CVE-2024-31585-cd5d3834", "signature_type": "Function", "target": { "file": "libavfilter/avf_showspectrum.c", "function": "config_output" }, "deprecated": false, "digest": { "length": 8223.0, "function_hash": "111808552109293659856030158406063628659" }, "signature_version": "v1", "source": "https://github.com/ffmpeg/ffmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80" }, { "id": "CVE-2024-31585-cdeda172", "signature_type": "Function", "target": { "file": "libavfilter/avf_showspectrum.c", "function": "plot_spectrum_column" }, "deprecated": false, "digest": { "length": 4366.0, "function_hash": "65730801919738550572485403140693205865" }, "signature_version": "v1", "source": "https://github.com/ffmpeg/ffmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80" }, { "id": "CVE-2024-31585-e1104cf1", "signature_type": "Function", "target": { "file": "libavfilter/avf_showspectrum.c", "function": "showspectrumpic_filter_frame" }, "deprecated": false, "digest": { "length": 258.0, "function_hash": "100662805910983519715205790507976560538" }, "signature_version": "v1", "source": "https://github.com/ffmpeg/ffmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80" }, { "id": "CVE-2024-31585-f7d24682", "signature_type": "Line", "target": { "file": "libavfilter/avf_showspectrum.c" }, "deprecated": false, "digest": { "line_hashes": [ "33004810844507636286081940887998307160", "240629155252156987622166283573511900722", "53981932091477279342915581891250092416", "239120919222719020887426976847955766108" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://github.com/ffmpeg/ffmpeg/commit/ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06" } ] }