CVE-2024-35368: FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec...
9.8
Miggo AI
Root Cause Analysis
The vulnerability description and the commit message both state that the rkmpp_retrieve_frame function in libavcodec/rkmppdec.c is affected by a double free. The patch modifies this function to correct the error handling that led to it: it adds a call to av_frame_unref(frame) before returning an error when the frame->hw_frames_ctx allocation fails. Per the commit message, resources may already have been attached to frame->buf[0] before this check. Calling av_frame_unref(frame) at that point ensures they are released exactly once, rather than being freed again by other cleanup mechanisms or when frame is unreferenced later, which was the cause of the double free.
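The ownership problem described above, as an added C model that is not FFmpeg's code: a descriptor is attached to the frame, the hardware-context step fails, and the caller later unreferences the frame. All type and function names are hypothetical stand-ins, the release callback counts calls instead of calling free(), and the model assumes the pre-patch error path released the descriptor itself.

```c
#include <stddef.h>

/* Constructed model: names are hypothetical, not FFmpeg's API. */
struct desc { int releases; };        /* counts releases instead of calling free() */

struct frame {
    struct desc *buf0;                /* stands in for frame->buf[0] */
    int has_hw_ctx;                   /* stands in for frame->hw_frames_ctx */
};

static void release_desc(struct desc *d) { d->releases++; }

/* Stand-in for av_frame_unref(): releases what the frame owns, once. */
static void frame_unref(struct frame *f) {
    if (f->buf0) { release_desc(f->buf0); f->buf0 = NULL; }
    f->has_hw_ctx = 0;
}

/* Assumed pre-patch error path: releases the descriptor by hand while
 * the frame still points at it. */
static int retrieve_frame_unpatched(struct frame *f, struct desc *d, int hw_ctx_ok) {
    f->buf0 = d;                      /* ownership moves to the frame here */
    if (!hw_ctx_ok) { release_desc(d); return -1; }
    f->has_hw_ctx = 1;
    return 0;
}

/* Patched error path: the frame releases what it owns, then forgets it. */
static int retrieve_frame_patched(struct frame *f, struct desc *d, int hw_ctx_ok) {
    f->buf0 = d;
    if (!hw_ctx_ok) { frame_unref(f); return -1; }
    f->has_hw_ctx = 1;
    return 0;
}

/* One failing retrieval followed by the caller's normal cleanup.
 * Returns how many times the descriptor was released. */
int releases_on_hw_ctx_failure(int patched) {
    struct desc d = {0};
    struct frame f = {0};
    if (patched) retrieve_frame_patched(&f, &d, 0);
    else         retrieve_frame_unpatched(&f, &d, 0);
    frame_unref(&f);                  /* caller unreferences the frame later */
    return d.releases;
}
```

A release count of 2 corresponds to the double free; the patched path yields 1 because the frame's pointer is cleared when it is unreferenced on the error path.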