CVE-2024-35365 identifies a double-free vulnerability in FFmpeg version n6.1.1, located in the fftools/ffmpeg_mux_init.c source file, specifically within the new_stream_audio function. A double-free occurs when a program attempts to free the same memory location twice, leading to undefined behavior such as memory corruption, crashes, or potential arbitrary code execution. In this case, the vulnerability can be triggered remotely without requiring any privileges, though it does require user interaction, such as processing a crafted media file. The vulnerability affects the confidentiality, integrity, and availability of systems running the vulnerable FFmpeg version, as exploitation could allow attackers to execute arbitrary code, crash the application, or manipulate media processing results. The CVSS v3.1 score of 8.8 reflects the high impact and ease of exploitation (network vector, low attack complexity, no privileges required, but user interaction needed). FFmpeg is a widely used open-source multimedia framework embedded in numerous applications, devices, and platforms for audio and video processing, transcoding, and streaming. The vulnerability is categorized under CWE-415 (Double Free), a common memory management error. No patches or known exploits are currently reported, but the risk remains significant due to FFmpeg's ubiquity and the potential severity of exploitation. The vulnerability was reserved in May 2024 and published in January 2025, indicating recent discovery and disclosure.

The impact of CVE-2024-35365 is substantial for organizations worldwide that utilize FFmpeg for media processing, streaming, or transcoding. Exploitation can lead to arbitrary code execution, allowing attackers to gain control over affected systems, potentially leading to data breaches, service disruptions, or deployment of malware. The double-free vulnerability can also cause application crashes, resulting in denial of service conditions. Given FFmpeg's integration in many software products, including media players, video conferencing tools, content delivery networks, and embedded devices, the attack surface is broad. Organizations in sectors such as media and entertainment, telecommunications, cloud services, and IoT device manufacturing are particularly vulnerable. The requirement for user interaction means that social engineering or malicious media files could be vectors for exploitation. The absence of known exploits in the wild currently reduces immediate risk but does not diminish the urgency for remediation, as proof-of-concept exploits could emerge rapidly. Failure to address this vulnerability could lead to significant operational and reputational damage.

To mitigate CVE-2024-35365, organizations should: 1) Monitor FFmpeg project communications closely and apply official patches promptly once released. 2) Until patches are available, restrict or sanitize all untrusted media inputs processed by FFmpeg to reduce exposure to crafted malicious files. 3) Employ sandboxing or containerization techniques to isolate FFmpeg processes, limiting the impact of potential exploitation. 4) Implement strict input validation and filtering at the application level to detect and block suspicious media files. 5) Use runtime application self-protection (RASP) or memory protection mechanisms such as Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) to hinder exploitation. 6) Conduct regular security assessments and fuzz testing on media processing components to identify similar vulnerabilities proactively. 7) Educate users and administrators about the risks of opening untrusted media files and encourage cautious handling of such content. 8) Monitor logs and system behavior for anomalies indicative of exploitation attempts, such as unexpected crashes or unusual process activity.