CVE-2024-36617

Name
CVE-2024-36617
Description
FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
https://github.com/ffmpeg/ffmpeg/commit/d973fcbcc2f944752ff10e6a76b0b2d9329937a7
https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/cafdec.c#L274
https://gist.github.com/1047524396/f20749f8addc8f86de9cfacf17ba29df

Match rules

CPE URI Source package Min version Max version
n/a == n/a == n/a
cpe:2.3:a:ffmpeg:ffmpeg:6.1.1:*:*:*:*:*:*:* ffmpeg == None == 6.1.1
cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:* ffmpeg >= None < 3.4.14
cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:* ffmpeg >= 4.0 < 4.2.9
cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:* ffmpeg >= 4.3 < 4.3.7
cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:* ffmpeg >= 4.4 < 4.4.5
cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:* ffmpeg >= 5.0 < 6.1.2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
ffmpeg edge-community 7.1.1-r0 Achill Gilgenast <achill@achill.org> fixed
ffmpeg edge-community 6.1.1-r10 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.1.1-r9 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.1.1-r8 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.1.1-r7 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.1.1-r6 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.1.1-r5 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.1.1-r4 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.1.1-r3 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.1.1-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.1.1-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.1.1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.1-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.0.1-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.0.1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.0-r27 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.0-r26 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.0-r25 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.0-r24 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.0-r23 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.0-r22 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.0-r21 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.0-r20 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.0-r19 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.0-r18 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.0-r17 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.0-r16 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.0-r15 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.0-r14 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.0-r13 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.0-r12 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.0-r10 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.0-r9 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.0-r8 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.0-r7 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.0-r6 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.0-r5 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.0-r4 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.0-r3 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.0-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.0-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 6.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 5.1.2-r9 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 5.1.2-r8 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 5.1.2-r7 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 5.1.2-r6 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 5.1.2-r5 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 5.1.2-r4 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 5.1.2-r3 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 5.1.2-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 5.1.2-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 5.1.1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 5.1-r5 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 5.1-r4 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 5.1-r3 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 5.1-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 5.1-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 5.1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 5.0.1-r4 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 5.0.1-r3 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 5.0.1-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 5.0.1-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 5.0.1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 5.0-r3 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 5.0-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 5.0-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 5.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 4.4.1-r3 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 4.4.1-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 4.4.1-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 4.4.1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 4.4-r4 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 4.4-r3 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 4.4-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 4.4-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 4.4-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
ffmpeg edge-community 4.3.2-r0 None possibly vulnerable
ffmpeg edge-community 4.3.1-r0 None possibly vulnerable
ffmpeg edge-community 4.3-r0 None possibly vulnerable
ffmpeg edge-community 4.2.1-r0 None possibly vulnerable
ffmpeg edge-community 4.2-r0 None possibly vulnerable
ffmpeg edge-community 4.1.4-r0 None possibly vulnerable
ffmpeg edge-community 4.1.3-r0 None possibly vulnerable
ffmpeg edge-community 4.1.1-r0 None possibly vulnerable
ffmpeg edge-community 4.1-r0 None possibly vulnerable
ffmpeg edge-community 4.0.2-r0 None possibly vulnerable
ffmpeg edge-community 4.0.1-r0 None possibly vulnerable
ffmpeg edge-community 4.0.0-r0 None possibly vulnerable
ffmpeg edge-community 3.4.4-r0 None possibly vulnerable
ffmpeg edge-community 3.4.3-r0 None possibly vulnerable
ffmpeg edge-community 3.3.4-r0 None possibly vulnerable
ffmpeg 3.22-community 6.1-r0 None possibly vulnerable
ffmpeg 3.22-community 6.0.1-r0 None possibly vulnerable
ffmpeg 3.22-community 6.0-r0 None possibly vulnerable
ffmpeg 3.22-community 5.1-r1 None possibly vulnerable
ffmpeg 3.22-community 4.4.1-r0 None possibly vulnerable
ffmpeg 3.22-community 4.4-r1 None possibly vulnerable
ffmpeg 3.22-community 4.4-r0 None possibly vulnerable
ffmpeg 3.22-community 4.3.2-r0 None possibly vulnerable
ffmpeg 3.22-community 4.3.1-r0 None possibly vulnerable
ffmpeg 3.22-community 4.3-r0 None possibly vulnerable
ffmpeg 3.22-community 4.2.1-r0 None possibly vulnerable
ffmpeg 3.22-community 4.2-r0 None possibly vulnerable
ffmpeg 3.22-community 4.1.4-r0 None possibly vulnerable
ffmpeg 3.22-community 4.1.3-r0 None possibly vulnerable
ffmpeg 3.22-community 4.1.1-r0 None possibly vulnerable
ffmpeg 3.22-community 4.1-r0 None possibly vulnerable
ffmpeg 3.22-community 4.0.2-r0 None possibly vulnerable
ffmpeg 3.22-community 4.0.1-r0 None possibly vulnerable
ffmpeg 3.22-community 4.0.0-r0 None possibly vulnerable
ffmpeg 3.22-community 3.4.4-r0 None possibly vulnerable
ffmpeg 3.22-community 3.4.3-r0 None possibly vulnerable
ffmpeg 3.22-community 3.3.4-r0 None possibly vulnerable