CVE-2024-36619

Severity: Medium (CVSS 3.1 base score 5.3) · EPSS 46.6%
Published Nov 29, 2024 (1y ago) · Modified Jun 17, 2026 (2w ago)

Description

FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handling certain block types, leading to a denial-of-service (DoS) condition.

CVSS Details

Base Score: 5.3
Exploitability: 3.9
Impact: 1.4
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low

Threat Intelligence

EPSS Exploit Probability: 46.6% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Weaknesses 1

CWE-190: Integer Overflow or Wraparound (Numeric Error)

Affected Products 1

Vendor    Product    Version    Range
ffmpeg    ffmpeg     6.1.1      any

References 3

  • gist.github.com https://gist.github.com/1047524396/fad68e8251f4e34a1bb838de697d5119
    Third Party Advisory
  • github.com https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavcodec/wavarc.c#L651
    Product
  • github.com https://github.com/ffmpeg/ffmpeg/commit/28c7094b25b689185155a6833caf2747b94774a4
    Patch

Remediation

  • github.com https://github.com/ffmpeg/ffmpeg/commit/28c7094b25b689185155a6833caf2747b94774a4
    Patch