CVE-2024-35368

9.8 CRITICAL

📋 TL;DR

CVE-2024-35368 is a double-free vulnerability in FFmpeg's rkmppdec.c component that allows memory corruption when processing certain media files. Attackers can exploit this to potentially execute arbitrary code or cause denial of service. This affects systems using FFmpeg n7.0 with RKMPP decoder support enabled.

💻 Affected Systems

Products:
  • FFmpeg
Versions: n7.0 branch (specifically versions including the vulnerable commit)
Operating Systems: Linux, Android, Other Unix-like systems
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when RKMPP decoder is enabled/compiled (not default in all builds).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Application crash causing denial of service, potentially leading to service disruption.

🟢 If Mitigated

Contained crash within FFmpeg process with no privilege escalation if proper sandboxing exists.

🌐 Internet-Facing: HIGH - FFmpeg often processes untrusted media from external sources.
🏢 Internal Only: MEDIUM - Still risky for internal media processing but attack surface is smaller.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A proof-of-concept is available in a GitHub gist; exploitation requires feeding a malicious media file to FFmpeg.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit 4513300989502090c4fd6560544dce399a8cd53c and later

Vendor Advisory: https://lists.debian.org/debian-lts-announce/2025/02/msg00000.html

Restart Required: Yes

Instructions:

1. Update FFmpeg to a version that includes the fix commit
2. Recompile if using a custom build
3. Restart affected services

🔧 Temporary Workarounds

Disable RKMPP decoder

linux

Disable the vulnerable RKMPP decoder component at compile time

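# RKMPP decoders are registered per codec (e.g. h264_rkmpp), so switch off the RKMPP integration as a whole
./configure --disable-rkmpp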
make clean && make

Input validation

all

Implement strict media file validation before FFmpeg processing

🧯 If You Can't Patch

  • Implement strict network controls to limit media file sources
  • Run FFmpeg in container/sandbox with minimal privileges

🔍 How to Verify

Check if Vulnerable:

Check FFmpeg version and if RKMPP decoder is enabled: ffmpeg -decoders | grep rkmpp

Check Version:

ffmpeg -version | head -1

Verify Fix Applied:

Verify FFmpeg version includes commit 4513300989502090c4fd6560544dce399a8cd53c or later
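
The two checks above can be combined into one triage helper. This is an added example, not part of the original advisory or of FFmpeg; the function names and the sample outputs are constructed for illustration. It reports whether RKMPP decoders are built in and which version string to compare against the fix commit; it does not decide on its own whether the fix is present.

```shell
#!/bin/sh
# Constructed sample outputs (not captured from a real system).
SAMPLE_DECODERS='Decoders:
 V..... = Video
 ------
 V....D h264                 H.264 / AVC / MPEG-4 AVC / MPEG-4 part 10
 V..... h264_rkmpp           h264 (rkmpp) (codec h264)
 V..... hevc_rkmpp           hevc (rkmpp) (codec hevc)
 A....D aac                  AAC (Advanced Audio Coding)'
SAMPLE_VERSION='ffmpeg version n7.0 Copyright (c) 2000-2024 the FFmpeg developers'

# Print names of RKMPP-backed decoders from `ffmpeg -decoders` output (stdin).
# Only the name column after the "------" separator is matched, so legend
# lines and free-text descriptions cannot produce false hits.
rkmpp_decoders() {
    awk 'seen && $2 ~ /_rkmpp$/ { print $2 }
         /^ *-+ *$/ { seen = 1 }'
}

# Extract the version token from the first line of `ffmpeg -version` (stdin).
ffmpeg_version() {
    awk 'NR == 1 && $1 == "ffmpeg" && $2 == "version" { print $3 }'
}

# Classify a build. $1 = `ffmpeg -decoders` output, $2 = `ffmpeg -version` output.
rkmpp_triage() {
    decs=$(printf '%s\n' "$1" | rkmpp_decoders | paste -sd, -)
    ver=$(printf '%s\n' "$2" | ffmpeg_version)
    if [ -n "$decs" ]; then
        echo "RKMPP_ENABLED version=${ver:-unknown} decoders=$decs"
    else
        echo "RKMPP_ABSENT version=${ver:-unknown}"
    fi
}

# Demo on the constructed samples. On a live host use:
#   rkmpp_triage "$(ffmpeg -hide_banner -decoders)" "$(ffmpeg -version)"
rkmpp_triage "$SAMPLE_DECODERS" "$SAMPLE_VERSION"
```

An RKMPP_ENABLED result means the build exposes the affected decoder path and its version should be checked against the fix commit listed above.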

📡 Detection & Monitoring

Log Indicators:

  • FFmpeg segmentation faults
  • Memory corruption errors in system logs
  • Abnormal FFmpeg process termination

Network Indicators:

  • Unusual media file uploads to processing services
  • Multiple failed FFmpeg processing attempts

SIEM Query:

process.name:ffmpeg AND (event.action:segfault OR event.outcome:failure)
