CVE-2024-7055: CWE-122 Heap-based Buffer Overflow in FFmpeg
A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.
AI Analysis
Technical Summary
CVE-2024-7055 is a heap-based buffer overflow vulnerability identified in the widely used multimedia framework FFmpeg, affecting versions 7.0.0 and 7.0.1. The vulnerability resides in the pnm_decode_frame function of the pnm decoder module (/libavcodec/pnmdec.c). This function improperly handles certain crafted Portable Anymap (PNM) image inputs, leading to a heap overflow condition. Because the vulnerability is triggered remotely without requiring authentication or user interaction, attackers can exploit it by sending maliciously crafted media files or streams that FFmpeg processes. The overflow can corrupt heap memory, potentially allowing attackers to execute arbitrary code, cause denial of service via application crashes, or manipulate data integrity. The CVSS 4.0 base score is 6.9, reflecting medium severity with network attack vector, low attack complexity, and no privileges or user interaction needed. The vulnerability was publicly disclosed on August 6, 2024, and no known exploits have been reported in the wild yet. The recommended remediation is to upgrade FFmpeg to version 7.0.2, which contains the patch addressing this heap overflow. Given FFmpeg's extensive use in media servers, streaming platforms, video editing software, and embedded devices, this vulnerability poses a significant risk if unpatched. Organizations should also audit their use of FFmpeg in automated media processing workflows and consider additional input validation or sandboxing to mitigate exploitation risks.
Potential Impact
For European organizations, the impact of CVE-2024-7055 can be substantial, especially for those relying on FFmpeg in media processing, streaming services, content delivery networks, and multimedia applications. Exploitation could lead to unauthorized code execution, allowing attackers to compromise systems, exfiltrate sensitive data, or disrupt services. This can affect confidentiality, integrity, and availability of critical media infrastructure. Industries such as broadcasting, telecommunications, online media platforms, and software vendors integrating FFmpeg are particularly at risk. The vulnerability's remote exploitability without authentication increases the attack surface, potentially enabling widespread exploitation if weaponized. Additionally, embedded devices and IoT products using FFmpeg for media decoding in European markets could be targeted, leading to broader operational disruptions. The public disclosure and availability of the vulnerability details heighten the urgency for patching to prevent exploitation attempts.
Mitigation Recommendations
1. Immediately upgrade all FFmpeg instances to version 7.0.2 or later to apply the official patch addressing the heap overflow. 2. Audit all applications and services that utilize FFmpeg for media decoding or processing to identify vulnerable versions. 3. Implement network-level filtering to restrict or monitor incoming media streams from untrusted sources. 4. Employ sandboxing or containerization for media processing components to limit the impact of potential exploitation. 5. Integrate input validation and sanitization for media files before processing with FFmpeg, where feasible. 6. Monitor logs and network traffic for anomalous activity indicative of exploitation attempts targeting media processing pipelines. 7. Coordinate with vendors and third-party service providers to ensure they have applied the patch or mitigations. 8. Maintain an incident response plan tailored to media infrastructure compromise scenarios.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain
CVE-2024-7055: CWE-122 Heap-based Buffer Overflow in FFmpeg
Description
A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.
AI-Powered Analysis
Technical Analysis
CVE-2024-7055 is a heap-based buffer overflow vulnerability identified in the widely used multimedia framework FFmpeg, affecting versions 7.0.0 and 7.0.1. The vulnerability resides in the pnm_decode_frame function of the pnm decoder module (/libavcodec/pnmdec.c). This function improperly handles certain crafted Portable Anymap (PNM) image inputs, leading to a heap overflow condition. Because the vulnerability is triggered remotely without requiring authentication or user interaction, attackers can exploit it by sending maliciously crafted media files or streams that FFmpeg processes. The overflow can corrupt heap memory, potentially allowing attackers to execute arbitrary code, cause denial of service via application crashes, or manipulate data integrity. The CVSS 4.0 base score is 6.9, reflecting medium severity with network attack vector, low attack complexity, and no privileges or user interaction needed. The vulnerability was publicly disclosed on August 6, 2024, and no known exploits have been reported in the wild yet. The recommended remediation is to upgrade FFmpeg to version 7.0.2, which contains the patch addressing this heap overflow. Given FFmpeg's extensive use in media servers, streaming platforms, video editing software, and embedded devices, this vulnerability poses a significant risk if unpatched. Organizations should also audit their use of FFmpeg in automated media processing workflows and consider additional input validation or sandboxing to mitigate exploitation risks.
Potential Impact
For European organizations, the impact of CVE-2024-7055 can be substantial, especially for those relying on FFmpeg in media processing, streaming services, content delivery networks, and multimedia applications. Exploitation could lead to unauthorized code execution, allowing attackers to compromise systems, exfiltrate sensitive data, or disrupt services. This can affect confidentiality, integrity, and availability of critical media infrastructure. Industries such as broadcasting, telecommunications, online media platforms, and software vendors integrating FFmpeg are particularly at risk. The vulnerability's remote exploitability without authentication increases the attack surface, potentially enabling widespread exploitation if weaponized. Additionally, embedded devices and IoT products using FFmpeg for media decoding in European markets could be targeted, leading to broader operational disruptions. The public disclosure and availability of the vulnerability details heighten the urgency for patching to prevent exploitation attempts.
Mitigation Recommendations
1. Immediately upgrade all FFmpeg instances to version 7.0.2 or later to apply the official patch addressing the heap overflow. 2. Audit all applications and services that utilize FFmpeg for media decoding or processing to identify vulnerable versions. 3. Implement network-level filtering to restrict or monitor incoming media streams from untrusted sources. 4. Employ sandboxing or containerization for media processing components to limit the impact of potential exploitation. 5. Integrate input validation and sanitization for media files before processing with FFmpeg, where feasible. 6. Monitor logs and network traffic for anomalous activity indicative of exploitation attempts targeting media processing pipelines. 7. Coordinate with vendors and third-party service providers to ensure they have applied the patch or mitigations. 8. Maintain an incident response plan tailored to media infrastructure compromise scenarios.
Affected Countries
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2024-07-23T19:38:00.873Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 6909325735043901e830994c
Added to database: 11/3/2025, 10:53:11 PM
Last enriched: 11/3/2025, 11:14:42 PM
Last updated: 2/6/2026, 8:06:03 PM
Views: 79
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2026-25641: CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition in nyariv SandboxJS
CriticalCVE-2026-25587: CWE-94: Improper Control of Generation of Code ('Code Injection') in nyariv SandboxJS
CriticalCVE-2026-25586: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in nyariv SandboxJS
CriticalCVE-2026-25520: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in nyariv SandboxJS
CriticalCVE-2026-2064: Cross Site Scripting in Portabilis i-Educar
MediumActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.