{"id":"CVE-2024-31585","details":"FFmpeg versions n5.1 to n6.1 were discovered to contain an off-by-one error in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.","modified":"2026-04-16T04:38:32.551570226Z","published":"2024-04-17T19:15:08.007Z","related":["CGA-8jwc-98jw-fwcc","openSUSE-SU-2024:13888-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/"},{"type":"WEB","url":"https://git.ffmpeg.org/gitweb/ffmpeg.git/blobdiff/bf2d7b20ea1c7d15dcbaedd479f40295e5c83430..3061bf668feffc7c1f0b244205167b3b86da8015:/libavfilter/avf_showspectrum.c"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/"},{"type":"WEB","url":"https://git.ffmpeg.org/gitweb/ffmpeg.git/blobdiff/aec67d3d7d2895bfea61aa1358d9d8e956f8615c..ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06:/libavfilter/avf_showspectrum.c"},{"type":"ADVISORY","url":"https://gist.github.com/1047524396/dc2c64ffe0c3934a6176bcd2c5cf5656"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/"},{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80"},{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/3061bf668feffc7c1f0b244
205167b3b86da8015"},{"type":"FIX","url":"https://github.com/ffmpeg/ffmpeg/commit/ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ffmpeg/ffmpeg","events":[{"introduced":"b189550137155a622f88df6e64e72c2cca660854"},{"fixed":"083443d67cb159ce469e5d902346b8d0c2cd1c93"},{"fixed":"3061bf668feffc7c1f0b244205167b3b86da8015"},{"fixed":"81df787b53eb5c6433731f6eaaf7f2a94d8a8c80"},{"fixed":"ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06"}],"database_specific":{"versions":[{"introduced":"5.1"},{"fixed":"7.0"}]}}],"versions":["n5.1-dev","n5.2-dev","n6.1","n6.1-dev","n6.2-dev"],"database_specific":{"vanir_signatures":[{"deprecated":false,"source":"https://github.com/ffmpeg/ffmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80","target":{"file":"libavfilter/avf_showspectrum.c","function":"uninit"},"id":"CVE-2024-31585-09912a50","digest":{"length":1501,"function_hash":"275853421321304377230350950274173232445"},"signature_version":"v1","signature_type":"Function"},{"deprecated":false,"source":"https://github.com/ffmpeg/ffmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80","target":{"file":"libavfilter/avf_showspectrum.c"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["250532233617630525666009905044867022767","194582591958274878863209184836639564239","227125886964139068306798684359525009788","40860167497756141282452544977085166446","326348326651361237134608616963730923378","154273557118656779635079618854588554963","241606846815952780929768774717623257920","67319824489307266950063527132783653611","228516383350692131914323700304375399211","245436152201377792979986113436582207706","143699722123922216614110538188165980576","306379917006651681453983987768675175054","295457282195391662764968689487949667200","265569340028293789397355734375380009810","106893742699276585517912621613042015149","106828020190799482486142411174608799688","25704759226410402609445500067849050913","310379738612102410359831135143205885562","247
934203642479604600207401908139406399","111905485109007306582292741892536245665","129798359628271940009015269257031155306","7081604456532196464350826583474232040","337356458146238461341601401798262327765","243834143172923746614423164475979690249","70418481661112592531239682396141613365","154829577219924623419563959108120085931","65567123329795840849857985849537737313","303177262638486277294531270427874452634","301703322554646559485556544349706546186","256979503608850930412982167122873879994","299952934514550512529882293827230584025","32501823974734762890683571086070068504","93177973709399544403419829438569230145","90786471257243737504591675892371621701","94011914189832907386675584114145845558","306723383863773597023355021261511473004","54195538040429664471698288816681239260","159374420741889739359195056586757402602","193806644736244063889764099187622505111","267198152436879007340538928878458744740","81875991850722112531568804455199345439","4085916443323496932767380374248342369","105561746031984592664938699462846615101","76087931201330097498123772488477618479","278691005488740019259084223170444378695","22401791163325166125254546151608785984","151028192679197481296948757561613093453","234607267632319265228374283402168028787","75515200356175784129632406698445823865","63049116340069989721551920397953736987","65163501723646798889586786304376239564","299518649980722952531926706038020778383","22327497942021027487320473168384666716","289840559285559536048459952440050167952","223576784291265079838493710114425656582","29694487222956653771456961965673921016","183116735891046150052197438894557719890","265368811490675528674392243467823441503","181756861584670553589118800213133243528","62581629934733616955533783054164499648","126296416006931555399214388662193686716","140679681336220295995554828171566347440","202509340766376707361383686119568983853","64800909931499484304489655145158408314","159478891854985605053507781041303577259","56878507645636051350068799062562746878","257179265
152451424985524203781425180638","197831654425686442281256037598396944365","250804910745208697685221098563791665622","306253043406362381251100917172882585079","11432692103436598000648559338586983111","222207863861618326648639584653309770125","323620138187327537607305614189219706832","49792358454404042386797029963462785039","68862123158537131419311384008690315293","257604871655116864218729605859691911721","143634043165514579821718655515097201721","186106986779126889154764157050937179610","151522292588456309234477412434849005721","303514792429508531600704762798257981843","55783564622999452805582702747138205841","233950637175343161122656691897251755071","138000056004172336468877395478060330860","2187491675623441286097036565675740094","42716586235007452346547718673402707156","292632199909891051677796721233071147986","302156693264269974226983990626107147457","100585141979265542425509056723235311980","49935636710269788657906813307408330954","38765955685104945812533191404572052884","210827346167043240497468542753447261857","53030916757982481451674708548410210212","664071554938959622005801504923102651","237449347485015524143009837583016784532","110992335960826137281647999399619219537","131539426750128741106533015578609524278","56332281064249178318644783100600929396","255248721043799202394282588619373582355","246158774966933567985968506885556391788","16107803958027290568821941992261488295","100754875046808917963319541262181873012","39023771934203507955053523772098890546","206742092424235259523276152824431081718","29795666054093522200001082900431504819","218626082641524466535896593869319871922","25663616186130672631425575673222038463","11714727554792303155716761739253511107","198682352874119015339497580778030432980","250558317086638963163650166405739204866","9570040017366744206236898565866316548","339878222335651647215777735961627470369","324090555222761696570510828874497097627","266373531574948192397083648480428432235","179333219036868927002838049149409475484","68855119561916
594754402829975855853856","97848681260013410882197308943542975195","23368829563728921410149992311037819509","143372520253043781213100281516072647881","310291683160564978288871201073184481027","159074032282968499208039728244362650765","25772380844906619271907953969310422538","185957640283375215816315376358104889014","242134988937918544634562137314594017548","281258745959129832511995159821857833941","60858381673747769902996496395501704221","104661545179304568684468592169585876346","227460343978213491619981547289562445252","159997843418105341563968368820207368613","246983540571454700844016261001949086117","202226273829331551157239758882435366633","154167605484695974908540064258935036200","298259087643816598693765932045449968720","212499118045782667657447262392654911366","148510978415296703264627968452401813770","140656618451013934609010123712459698256","113610989764517363275288683588563437561","138000056004172336468877395478060330860","180621336919910656610076127790645510287","218047422126170765890423527786070495246","191286382076754437535315723461220239224","96639018764523612035611772349933871239","135110596199196902433656616165752476099","180847897275252642685903867825514169702","287733776235741636517553297754987472179","213731164308240384735407773091690856201","198493662721281249805892604184566411221","255901871596336295849124747052588255812","164634229321366885449696088497656907861","277580431540105939972768179168115273824","303420011166713403484377146857848457115","21625154443344124184577473256066289703","80691949216117566420984336224286424189","194918456523563857353369462322893312646","315545749006326639746655626057958615302","271494451450679206235344626856166063540","140003512576265262039853190377914100060","62997903029683276164318802116564831954"]},"signature_version":"v1","id":"CVE-2024-31585-0e3cc743"},{"source":"https://github.com/ffmpeg/ffmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80","deprecated":false,"target":{"file":"libavfilter/avf_showspectrum.
c","function":"activate"},"signature_version":"v1","signature_type":"Function","digest":{"length":3209,"function_hash":"43389215854740235017310413889448707456"},"id":"CVE-2024-31585-22f60948"},{"deprecated":false,"source":"https://github.com/ffmpeg/ffmpeg/commit/3061bf668feffc7c1f0b244205167b3b86da8015","target":{"file":"libavfilter/avf_showspectrum.c","function":"showspectrumpic_request_frame"},"signature_type":"Function","digest":{"length":1862,"function_hash":"299677327369700206077138911515669018881"},"signature_version":"v1","id":"CVE-2024-31585-51d1e00a"},{"source":"https://github.com/ffmpeg/ffmpeg/commit/ab0fdaedd1e7224f7e84ea22fcbfaa4ca75a6c06","deprecated":false,"target":{"file":"libavfilter/avf_showspectrum.c","function":"showspectrumpic_request_frame"},"signature_version":"v1","signature_type":"Function","digest":{"length":1862,"function_hash":"299677327369700206077138911515669018881"},"id":"CVE-2024-31585-8208022b"},{"source":"https://github.com/ffmpeg/ffmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80","deprecated":false,"target":{"file":"libavfilter/avf_showspectrum.c","function":"showspectrumpic_request_frame"},"signature_version":"v1","signature_type":"Function","digest":{"length":1695,"function_hash":"226536095738575176497693434359181492851"},"id":"CVE-2024-31585-8aa3b92e"},{"deprecated":false,"source":"https://github.com/ffmpeg/ffmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80","target":{"file":"libavfilter/avf_showspectrum.c","function":"run_channel_fft"},"signature_version":"v1","signature_type":"Function","digest":{"length":3072,"function_hash":"240087826172699288574849261300559284648"},"id":"CVE-2024-31585-8b6d649a"},{"deprecated":false,"source":"https://github.com/ffmpeg/ffmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80","target":{"file":"libavfilter/avf_showspectrum.c","function":"config_output"},"signature_version":"v1","signature_type":"Function","digest":{"length":8223,"function_hash":"111808552109293659856030158406063628659"}
,"id":"CVE-2024-31585-cd5d3834"},{"deprecated":false,"source":"https://github.com/ffmpeg/ffmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80","target":{"file":"libavfilter/avf_showspectrum.c","function":"plot_spectrum_column"},"signature_version":"v1","signature_type":"Function","digest":{"length":4366,"function_hash":"65730801919738550572485403140693205865"},"id":"CVE-2024-31585-cdeda172"},{"deprecated":false,"source":"https://github.com/ffmpeg/ffmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80","target":{"file":"libavfilter/avf_showspectrum.c","function":"showspectrumpic_filter_frame"},"signature_version":"v1","signature_type":"Function","digest":{"length":258,"function_hash":"100662805910983519715205790507976560538"},"id":"CVE-2024-31585-e1104cf1"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-31585.json","vanir_signatures_modified":"2026-04-12T07:01:46Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"38"}]},{"events":[{"introduced":"0"},{"last_affected":"39"}]},{"events":[{"introduced":"0"},{"last_affected":"40"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H"}]}