CVE-2024-31581
Published: 17 April 2024
Summary
CVE-2024-31581 is a critical-severity Improper Validation of Array Index (CWE-129) vulnerability in Fedoraproject Fedora. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). It ranks at the 44.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-29457
Vulnerability details
FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers to cause undefined behavior within the application.
- CWE(s): CWE-129 (Improper Validation of Array Index)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The improper array index validation in FFmpeg's H.266 parser allows crafted media files to trigger undefined behavior, facilitating exploitation for client execution (T1203) or application crashes leading to endpoint denial of service (T1499.004).