CVE-2024-31585

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-31585
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-31585.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-31585
Downstream
Related
Published
2024-04-17T19:15:08Z
Modified
2025-10-16T06:12:44.895064Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

References

Affected packages

Git / git.ffmpeg.org/ffmpeg.git

Affected ranges

Type
GIT
Repo
https://git.ffmpeg.org/ffmpeg.git
Events
Type
GIT
Repo
https://github.com/ffmpeg/ffmpeg
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Fixed

Affected versions

Other

N

n0.*

n0.11-dev
n0.12-dev
n0.8

n1.*

n1.1-dev
n1.2-dev
n1.3-dev

n2.*

n2.0
n2.1-dev
n2.2-dev
n2.3-dev
n2.4-dev
n2.5-dev
n2.6-dev
n2.7-dev
n2.8-dev
n2.9-dev

n3.*

n3.1-dev
n3.2-dev
n3.3-dev
n3.4-dev
n3.5-dev

n4.*

n4.1-dev
n4.2-dev
n4.3-dev
n4.4-dev
n4.5-dev

n5.*

n5.1-dev
n5.2-dev

n6.*

n6.1
n6.1-dev
n6.2-dev

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2024-31585-08099229",
            "signature_type": "Line",
            "target": {
                "file": "libavfilter/avf_showspectrum.c"
            },
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "33004810844507636286081940887998307160",
                    "240629155252156987622166283573511900722",
                    "53981932091477279342915581891250092416",
                    "239120919222719020887426976847955766108"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://github.com/ffmpeg/ffmpeg/commit/3061bf668feffc7c1f0b244205167b3b86da8015"
        },
        {
            "id": "CVE-2024-31585-09912a50",
            "signature_type": "Function",
            "target": {
                "file": "libavfilter/avf_showspectrum.c",
                "function": "uninit"
            },
            "deprecated": false,
            "digest": {
                "length": 1501.0,
                "function_hash": "275853421321304377230350950274173232445"
            },
            "signature_version": "v1",
            "source": "https://github.com/ffmpeg/ffmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80"
        },
        {
            "id": "CVE-2024-31585-0e3cc743",
            "signature_type": "Line",
            "target": {
                "file": "libavfilter/avf_showspectrum.c"
            },
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "250532233617630525666009905044867022767",
                    "194582591958274878863209184836639564239",
                    "227125886964139068306798684359525009788",
                    "40860167497756141282452544977085166446",
                    "326348326651361237134608616963730923378",
                    "154273557118656779635079618854588554963",
                    "241606846815952780929768774717623257920",
                    "67319824489307266950063527132783653611",
                    "228516383350692131914323700304375399211",
                    "245436152201377792979986113436582207706",
                    "143699722123922216614110538188165980576",
                    "306379917006651681453983987768675175054",
                    "295457282195391662764968689487949667200",
                    "265569340028293789397355734375380009810",
                    "106893742699276585517912621613042015149",
                    "106828020190799482486142411174608799688",
                    "25704759226410402609445500067849050913",
                    "310379738612102410359831135143205885562",
                    "247934203642479604600207401908139406399",
                    "111905485109007306582292741892536245665",
                    "129798359628271940009015269257031155306",
                    "7081604456532196464350826583474232040",
                    "337356458146238461341601401798262327765",
                    "243834143172923746614423164475979690249",
                    "70418481661112592531239682396141613365",
                    "154829577219924623419563959108120085931",
                    "65567123329795840849857985849537737313",
                    "303177262638486277294531270427874452634",
                    "301703322554646559485556544349706546186",
                    "256979503608850930412982167122873879994",
                    "299952934514550512529882293827230584025",
                    "32501823974734762890683571086070068504",
                    "93177973709399544403419829438569230145",
                    "90786471257243737504591675892371621701",
                    "94011914189832907386675584114145845558",
                    "306723383863773597023355021261511473004",
                    "54195538040429664471698288816681239260",
                    "159374420741889739359195056586757402602",
                    "193806644736244063889764099187622505111",
                    "267198152436879007340538928878458744740",
                    "81875991850722112531568804455199345439",
                    "4085916443323496932767380374248342369",
                    "105561746031984592664938699462846615101",
                    "76087931201330097498123772488477618479",
                    "278691005488740019259084223170444378695",
                    "22401791163325166125254546151608785984",
                    "151028192679197481296948757561613093453",
                    "234607267632319265228374283402168028787",
                    "75515200356175784129632406698445823865",
                    "63049116340069989721551920397953736987",
                    "65163501723646798889586786304376239564",
                    "299518649980722952531926706038020778383",
                    "22327497942021027487320473168384666716",
                    "289840559285559536048459952440050167952",
                    "223576784291265079838493710114425656582",
                    "29694487222956653771456961965673921016",
                    "183116735891046150052197438894557719890",
                    "265368811490675528674392243467823441503",
                    "181756861584670553589118800213133243528",
                    "62581629934733616955533783054164499648",
                    "126296416006931555399214388662193686716",
                    "140679681336220295995554828171566347440",
                    "202509340766376707361383686119568983853",
                    "64800909931499484304489655145158408314",
                    "159478891854985605053507781041303577259",
                    "56878507645636051350068799062562746878",
                    "257179265152451424985524203781425180638",
                    "197831654425686442281256037598396944365",
                    "250804910745208697685221098563791665622",
                    "306253043406362381251100917172882585079",
                    "11432692103436598000648559338586983111",
                    "222207863861618326648639584653309770125",
                    "323620138187327537607305614189219706832",
                    "49792358454404042386797029963462785039",
                    "68862123158537131419311384008690315293",
                    "257604871655116864218729605859691911721",
                    "143634043165514579821718655515097201721",
                    "186106986779126889154764157050937179610",
                    "151522292588456309234477412434849005721",
                    "303514792429508531600704762798257981843",
                    "55783564622999452805582702747138205841",
                    "233950637175343161122656691897251755071",
                    "138000056004172336468877395478060330860",
                    "2187491675623441286097036565675740094",
                    "42716586235007452346547718673402707156",
                    "292632199909891051677796721233071147986",
                    "302156693264269974226983990626107147457",
                    "100585141979265542425509056723235311980",
                    "49935636710269788657906813307408330954",
                    "38765955685104945812533191404572052884",
                    "210827346167043240497468542753447261857",
                    "53030916757982481451674708548410210212",
                    "664071554938959622005801504923102651",
                    "237449347485015524143009837583016784532",
                    "110992335960826137281647999399619219537",
                    "131539426750128741106533015578609524278",
                    "56332281064249178318644783100600929396",
                    "255248721043799202394282588619373582355",
                    "246158774966933567985968506885556391788",
                    "16107803958027290568821941992261488295",
                    "100754875046808917963319541262181873012",
                    "39023771934203507955053523772098890546",
                    "206742092424235259523276152824431081718",
                    "29795666054093522200001082900431504819",
                    "218626082641524466535896593869319871922",
                    "25663616186130672631425575673222038463",
                    "11714727554792303155716761739253511107",
                    "198682352874119015339497580778030432980",
                    "250558317086638963163650166405739204866",
                    "9570040017366744206236898565866316548",
                    "339878222335651647215777735961627470369",
                    "324090555222761696570510828874497097627",
                    "266373531574948192397083648480428432235",
                    "179333219036868927002838049149409475484",
                    "68855119561916594754402829975855853856",
                    "97848681260013410882197308943542975195",
                    "23368829563728921410149992311037819509",
                    "143372520253043781213100281516072647881",
                    "310291683160564978288871201073184481027",
                    "159074032282968499208039728244362650765",
                    "25772380844906619271907953969310422538",
                    "185957640283375215816315376358104889014",
                    "242134988937918544634562137314594017548",
                    "281258745959129832511995159821857833941",
                    "60858381673747769902996496395501704221",
                    "104661545179304568684468592169585876346",
                    "227460343978213491619981547289562445252",
                    "159997843418105341563968368820207368613",
                    "246983540571454700844016261001949086117",
                    "202226273829331551157239758882435366633",
                    "154167605484695974908540064258935036200",
                    "298259087643816598693765932045449968720",
                    "212499118045782667657447262392654911366",
                    "148510978415296703264627968452401813770",
                    "140656618451013934609010123712459698256",
                    "113610989764517363275288683588563437561",
                    "138000056004172336468877395478060330860",
                    "180621336919910656610076127790645510287",
                    "218047422126170765890423527786070495246",
                    "191286382076754437535315723461220239224",
                    "96639018764523612035611772349933871239",
                    "135110596199196902433656616165752476099",
                    "180847897275252642685903867825514169702",
                    "287733776235741636517553297754987472179",
                    "213731164308240384735407773091690856201",
                    "198493662721281249805892604184566411221",
                    "255901871596336295849124747052588255812",
                    "164634229321366885449696088497656907861",
                    "277580431540105939972768179168115273824",
                    "303420011166713403484377146857848457115",
                    "21625154443344124184577473256066289703",
                    "80691949216117566420984336224286424189",
                    "194918456523563857353369462322893312646",
                    "315545749006326639746655626057958615302",
                    "271494451450679206235344626856166063540",
                    "140003512576265262039853190377914100060",
                    "62997903029683276164318802116564831954"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://github.com/ffmpeg/ffmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80"
        },
        {
            "id": "CVE-2024-31585-22f60948",
            "signature_type": "Function",
            "target": {
                "file": "libavfilter/avf_showspectrum.c",
                "function": "activate"
            },
            "deprecated": false,
            "digest": {
                "length": 3209.0,
                "function_hash": "43389215854740235017310413889448707456"
            },
            "signature_version": "v1",
            "source": "https://github.com/ffmpeg/ffmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80"
        },
        {
            "id": "CVE-2024-31585-51d1e00a",
            "signature_type": "Function",
            "target": {
                "file": "libavfilter/avf_showspectrum.c",
                "function": "showspectrumpic_request_frame"
            },
            "deprecated": false,
            "digest": {
                "length": 1862.0,
                "function_hash": "299677327369700206077138911515669018881"
            },
            "signature_version": "v1",
            "source": "https://github.com/ffmpeg/ffmpeg/commit/3061bf668feffc7c1f0b244205167b3b86da8015"
        },
        {
            "id": "CVE-2024-31585-8208022b",
            "signature_type": "Function",
            "target": {
                "file": "libavfilter/avf_showspectrum.c",
                "function": "showspectrumpic_request_frame"
            },
            "deprecated": false,
            "digest": {
                "length": 1862.0,
                "function_hash": "299677327369700206077138911515669018881"
            },
            "signature_version": "v1",
            "source": "https://github.com/ffmpeg/ffmpeg/commit/ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06"
        },
        {
            "id": "CVE-2024-31585-8aa3b92e",
            "signature_type": "Function",
            "target": {
                "file": "libavfilter/avf_showspectrum.c",
                "function": "showspectrumpic_request_frame"
            },
            "deprecated": false,
            "digest": {
                "length": 1695.0,
                "function_hash": "226536095738575176497693434359181492851"
            },
            "signature_version": "v1",
            "source": "https://github.com/ffmpeg/ffmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80"
        },
        {
            "id": "CVE-2024-31585-8b6d649a",
            "signature_type": "Function",
            "target": {
                "file": "libavfilter/avf_showspectrum.c",
                "function": "run_channel_fft"
            },
            "deprecated": false,
            "digest": {
                "length": 3072.0,
                "function_hash": "240087826172699288574849261300559284648"
            },
            "signature_version": "v1",
            "source": "https://github.com/ffmpeg/ffmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80"
        },
        {
            "id": "CVE-2024-31585-cd5d3834",
            "signature_type": "Function",
            "target": {
                "file": "libavfilter/avf_showspectrum.c",
                "function": "config_output"
            },
            "deprecated": false,
            "digest": {
                "length": 8223.0,
                "function_hash": "111808552109293659856030158406063628659"
            },
            "signature_version": "v1",
            "source": "https://github.com/ffmpeg/ffmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80"
        },
        {
            "id": "CVE-2024-31585-cdeda172",
            "signature_type": "Function",
            "target": {
                "file": "libavfilter/avf_showspectrum.c",
                "function": "plot_spectrum_column"
            },
            "deprecated": false,
            "digest": {
                "length": 4366.0,
                "function_hash": "65730801919738550572485403140693205865"
            },
            "signature_version": "v1",
            "source": "https://github.com/ffmpeg/ffmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80"
        },
        {
            "id": "CVE-2024-31585-e1104cf1",
            "signature_type": "Function",
            "target": {
                "file": "libavfilter/avf_showspectrum.c",
                "function": "showspectrumpic_filter_frame"
            },
            "deprecated": false,
            "digest": {
                "length": 258.0,
                "function_hash": "100662805910983519715205790507976560538"
            },
            "signature_version": "v1",
            "source": "https://github.com/ffmpeg/ffmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80"
        },
        {
            "id": "CVE-2024-31585-f7d24682",
            "signature_type": "Line",
            "target": {
                "file": "libavfilter/avf_showspectrum.c"
            },
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "33004810844507636286081940887998307160",
                    "240629155252156987622166283573511900722",
                    "53981932091477279342915581891250092416",
                    "239120919222719020887426976847955766108"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://github.com/ffmpeg/ffmpeg/commit/ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06"
        }
    ]
}