CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-36613: FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a...

Description

FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior.

Classification

CVE ID: CVE-2024-36613

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.83% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://github.com/ffmpeg/ffmpeg/commit/50d8e4f27398fd5778485a827d7a2817921f8540
https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/dxa.c#L125
https://gist.github.com/1047524396/0f4d90ef87553f772f888223085ac806

Timeline

2025-01-04 00:30:14 UTC
CVE

FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a...