7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-31578

CVE-2024-31578: FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init...

FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2024-31578

CVE-2024-31578:

7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability, a heap use-after-free, is explicitly stated in the CVE description and commit message to occur via the av_hwframe_ctx_init function in libavutil/hwcontext.c. The provided commit patch directly modifies this function. The changes involve removing goto fail; statements and the corresponding fail: block, which contained a call to ctx->internal->hw_type->frames_uninit(ctx). This call, when made after certain initialization functions (e.g., vulkan_frames_init, as mentioned in the commit message) failed, would lead to the use-after-free. Therefore, av_hwframe_ctx_init is the function that contained the vulnerable logic that incorrectly invoked frames_uninit under specific failure conditions, making it the primary vulnerable function. The patch directly addresses this flawed logic within av_hwframe_ctx_init.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2024-31578: FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init...

CVE-2024-31578:

7.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

Technical Details

CVE-2024-31578: FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init...

7.5

7.5

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI