CVE-2024-35365

8.8 HIGH

📋 TL;DR

CVE-2024-35365 is a double-free vulnerability in FFmpeg's audio stream initialization function that could allow attackers to execute arbitrary code or cause denial of service. This affects systems using FFmpeg version n6.1.1 for media processing. Attackers could exploit this by providing malicious media files to vulnerable FFmpeg instances.

💻 Affected Systems

Products:
  • FFmpeg
Versions: n6.1.1 specifically
Operating Systems: All platforms running FFmpeg
Default Config Vulnerable: ⚠️ Yes
Notes: Any application that uses the FFmpeg libraries for media processing is vulnerable when handling audio streams

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment

🟠 Likely Case: Application crash causing denial of service and potential data corruption

🟢 If Mitigated: Limited impact with proper sandboxing and input validation

🌐 Internet-Facing: HIGH - FFmpeg often processes untrusted media from external sources
🏢 Internal Only: MEDIUM - Internal media processing systems could be targeted via malicious uploads

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires crafting malicious media files; exploitation depends on heap manipulation

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit ced5c5fdb8634d39ca9472a2026b2d2fea16c4e5 and later versions

Vendor Advisory: https://github.com/ffmpeg/ffmpeg/commit/ced5c5fdb8634d39ca9472a2026b2d2fea16c4e5

Restart Required: No

Instructions:

1. Update FFmpeg to a version after commit ced5c5fdb8634d39ca9472a2026b2d2fea16c4e5.
2. Recompile any applications that use the FFmpeg library.
3. Replace vulnerable binaries with patched versions.

🔧 Temporary Workarounds

Input validation and sanitization (all platforms)

Implement strict validation of media files before processing with FFmpeg

Sandbox execution (Linux)

Run FFmpeg in isolated containers or sandboxes with limited permissions

docker run --read-only --cap-drop=ALL -v /input:/input:ro ffmpeg

🧯 If You Can't Patch

  • Implement strict network controls to limit FFmpeg's internet access
  • Deploy application allowlisting to prevent unauthorized FFmpeg execution

🔍 How to Verify

Check if Vulnerable:

Check FFmpeg version: ffmpeg -version | grep 'version n6.1.1'

Check Version:

ffmpeg -version | head -1

Verify Fix Applied:

Verify that the installed FFmpeg build is newer than commit ced5c5fdb8634d39ca9472a2026b2d2fea16c4e5
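
The version check above, as an added shell example (not code from FFmpeg or from this advisory): it classifies the first line of ffmpeg -version, matching n6.1.1 exactly and flagging near matches for manual review. The function names, result labels and sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example, not FFmpeg project code. Function names and result labels
# are hypothetical; the affected release (n6.1.1) is taken from this page.

# classify_ffmpeg_banner "<first line of ffmpeg -version>"
#   AFFECTED  exact n6.1.1, the release this page names
#   REVIEW    6.1.1 with no "n" prefix, or with a suffix after 6.1.1;
#             the banner alone cannot show whether the fix commit is included
#   NO_MATCH  some other version (says nothing about other issues)
#   UNKNOWN   not an ffmpeg banner, or empty input
classify_ffmpeg_banner() {
    banner=$1
    case $banner in
        "ffmpeg version "*) ;;
        *) echo UNKNOWN; return 0 ;;
    esac
    ver=${banner#ffmpeg version }   # drop the fixed prefix
    ver=${ver%% *}                  # keep only the version token
    case $ver in
        n6.1.1)                  echo AFFECTED ;;
        6.1.1|6.1.1-*|n6.1.1-*)  echo REVIEW ;;
        *)                       echo NO_MATCH ;;
    esac
}

# check_ffmpeg [path]: run a binary and classify what it reports.
check_ffmpeg() {
    bin=${1:-ffmpeg}
    banner=$("$bin" -version 2>/dev/null | head -n 1)
    printf '%s: %s\n' "$bin" "$(classify_ffmpeg_banner "$banner")"
}

# Constructed sample banners, not captured from real hosts.
while IFS= read -r line; do
    printf '%-9s %s\n' "$(classify_ffmpeg_banner "$line")" "$line"
done <<'EOF'
ffmpeg version n6.1.1 Copyright (c) 2000-2023 the FFmpeg developers
ffmpeg version 6.1.1-3ubuntu5 Copyright (c) 2000-2023 the FFmpeg developers
ffmpeg version n6.1.1-12-gabc1234 Copyright (c) 2000-2023 the FFmpeg developers
ffmpeg version n7.0 Copyright (c) 2000-2024 the FFmpeg developers
EOF
```

Call check_ffmpeg with the path of each FFmpeg binary on the host. Applications that link the FFmpeg libraries without shipping the ffmpeg binary need a separate inventory.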

📡 Detection & Monitoring

Log Indicators:

  • FFmpeg segmentation faults
  • Heap corruption errors
  • Unexpected process termination

Network Indicators:

  • Unusual outbound connections from FFmpeg processes
  • Large media uploads to processing systems

SIEM Query:

process_name:ffmpeg AND (event_id:1000 OR exception_code:c0000005)
