vulnerability

Alpine Linux: CVE-2024-7055: Heap-based Buffer Overflow

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Aug 6, 2024	Dec 5, 2025	Dec 22, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Aug 6, 2024

Added

Dec 5, 2025

Modified

Dec 22, 2025

Description

A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.

Solution

alpine-linux-upgrade-ffmpeg

References

CVE-2024-7055
https://attackerkb.com/topics/CVE-2024-7055
URL-https://security.alpinelinux.org/vuln/CVE-2024-7055
CWE-122
CWE-787

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today