CVE-2024-35365
Published: 03 January 2025
Summary
CVE-2024-35365 is a high-severity Double Free (CWE-415) vulnerability in FFmpeg. Its CVSS v3.1 base score is 8.8 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks in the top 45.7% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-35365 is a double-free vulnerability (CWE-415) in FFmpeg version n6.1.1, located in fftools/ffmpeg_mux_init.c within the new_stream_audio function, which runs while the ffmpeg tool sets up an audio output stream for muxing. The flaw affects the FFmpeg multimedia framework, which is widely used for audio and video processing in applications and tools. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H): network-reachable, low attack complexity, no privileges required, user interaction required, and high impact on confidentiality, integrity and availability.
Remote attackers can exploit this vulnerability by getting a user, or an automated pipeline, to process a specially crafted media file with the affected FFmpeg version; the user-interaction requirement in the vector reflects that the ffmpeg tool must be run on the malicious input. No privileges are needed and the attack complexity is low. A double free corrupts allocator metadata, so a successful trigger can lead to arbitrary code execution or data corruption in the ffmpeg process, and at minimum to a crash (denial of service). Note that fftools/ sources are compiled only into the ffmpeg command-line programs, not into libavcodec or libavformat, so applications that merely link the FFmpeg libraries do not execute this code; the exposure is on systems that invoke the ffmpeg binary on untrusted input, such as upload processors, transcoding services and CI jobs.
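The following C program is an added illustration of the CWE-415 pattern described above, not FFmpeg's code and not the actual bug in new_stream_audio: a stream-setup routine frees a heap object on an error path while its caller still holds, and later frees, the same pointer. The function names, the audio_cfg struct and the layout strings are constructed for the example. A small tracking wrapper around free() reports the second free instead of letting glibc abort, and the hardened variant shows the pointer-to-pointer idiom (the shape of FFmpeg's av_freep) that clears the caller's copy so the later free becomes a no-op.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration of CWE-415 (double free); not FFmpeg's code.
 * A tracking layer replaces free() so the double free is counted rather
 * than aborting the process, which lets the vulnerable path be observed. */

#define MAX_TRACKED 64
static void *live[MAX_TRACKED];   /* allocations currently owned */
static int   n_live;
static int   double_free_count;   /* frees of pointers no longer live */

static void *track_alloc(size_t n) {
    void *p = calloc(1, n);
    if (p && n_live < MAX_TRACKED) live[n_live++] = p;
    return p;
}

/* Frees p if it is live; otherwise records a double free. */
static void track_free(void *p) {
    if (!p) return;
    for (int i = 0; i < n_live; i++) {
        if (live[i] == p) {
            live[i] = live[--n_live];
            free(p);
            return;
        }
    }
    double_free_count++;          /* p was already released */
}

/* Frees *pp and clears it: the av_freep() idiom. */
static void track_freep(void **pp) { track_free(*pp); *pp = NULL; }

/* Hypothetical per-stream audio config standing in for an encoder context. */
struct audio_cfg { int channels; char layout[32]; };

/* Vulnerable shape: on an invalid layout string the callee frees cfg but
 * leaves the caller's pointer intact, so the caller's teardown frees it
 * again. */
static int new_stream_audio_vuln(struct audio_cfg *cfg, const char *layout) {
    if (strlen(layout) >= sizeof cfg->layout) {
        track_free(cfg);          /* BUG: caller still owns cfg */
        return -1;
    }
    strcpy(cfg->layout, layout);
    return 0;
}

/* Hardened shape: the callee receives a pointer-to-pointer and NULLs the
 * caller's copy when it releases the object. */
static int new_stream_audio_fixed(struct audio_cfg **cfgp, const char *layout) {
    if (strlen(layout) >= sizeof (*cfgp)->layout) {
        track_freep((void **)cfgp);
        return -1;
    }
    strcpy((*cfgp)->layout, layout);
    return 0;
}

/* Each driver allocates a config, runs one variant, performs the caller's
 * normal cleanup, and returns the number of double frees observed. */
static int run_vuln(const char *layout) {
    double_free_count = 0;
    struct audio_cfg *cfg = track_alloc(sizeof *cfg);
    new_stream_audio_vuln(cfg, layout);
    track_free(cfg);              /* second free on the error path */
    return double_free_count;
}

static int run_fixed(const char *layout) {
    double_free_count = 0;
    struct audio_cfg *cfg = track_alloc(sizeof *cfg);
    new_stream_audio_fixed(&cfg, layout);
    track_free(cfg);              /* cfg is NULL on the error path: no-op */
    return double_free_count;
}

int main(void) {
    /* Constructed inputs: one valid layout, one too long for the buffer. */
    const char *bad = "this-layout-string-is-far-too-long-to-fit";
    printf("vulnerable, valid input : %d double free(s)\n", run_vuln("stereo"));
    printf("vulnerable, bad input   : %d double free(s)\n", run_vuln(bad));
    printf("fixed, bad input        : %d double free(s)\n", run_fixed(bad));
    return 0;
}
```

The tracker exists only so the vulnerable path can run to completion; in a real build the same pattern is caught by compiling with -fsanitize=address, which reports the second free with both stack traces, and that is the quickest way to confirm whether a given FFmpeg build still contains this class of bug when fed a suspect input.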
FFmpeg has addressed the issue in commit ced5c5fdb8634d39ca9472a2026b2d2fea16c4e5, available in the project's GitHub repository. Security practitioners should update to a release or build that incorporates this fix; because distributions backport patches, confirm that the commit is an ancestor of the revision you build or ship rather than relying on the version string alone. The affected code is at fftools/ffmpeg_mux_init.c#L886 in the vulnerable tree. Additional technical analysis is provided in the referenced GitHub gist.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-35775
Vulnerability details
FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function.
- CWE(s): CWE-415 (Double Free)
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1203 Exploitation for Client Execution
Why these techniques?
A double free in the ffmpeg command-line tool, triggered by a malicious media file the user must process, is a client-side memory-corruption bug that can yield code execution in the user's context, which is the T1203 pattern.
Mitigating Controls (NIST 800-53 r5)
SI-2 (Flaw Remediation) mandates timely identification, reporting and correction of system flaws such as this double free in FFmpeg n6.1.1; the provided fix commit makes patching the direct remediation.
SI-16 (Memory Protection) calls for mechanisms such as ASLR, non-executable memory and hardened allocators that reduce the likelihood that a memory-safety bug like this CWE-415 flaw in new_stream_audio can be turned into code execution; it limits impact rather than removing the bug.
SI-10 (Information Input Validation) covers validation of inputs such as crafted media files before they reach ffmpeg. Since a media container cannot practically be screened for this specific trigger, the realistic application is to restrict which inputs reach the tool and to run it in a sandbox (unprivileged user, seccomp or container isolation) so that a triggered double free is contained.