CVE-2024-36619

MEDIUM

FFmpeg n6.1.1 - Denial of Service via WAVARC Decoder Integer Overflow

Title source: llm

Description

FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handling certain block types, leading to a denial-of-service (DoS) condition.

References (3)

Core 3

Core References

Third Party Advisory

https://gist.github.com/1047524396/fad68e8251f4e34a1bb838de697d5119

Product

https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavcodec/wavarc.c#L651

View Writeup ZIP pw:eip

Patch

https://github.com/ffmpeg/ffmpeg/commit/28c7094b25b689185155a6833caf2747b94774a4

View Patch ZIP pw:eip

Scores

CVSS v3 5.3

EPSS 0.0063

EPSS Percentile 45.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-190

Status published

Products (1)

ffmpeg/ffmpeg 6.1.1

Published Nov 29, 2024

Tracked Since Feb 18, 2026