CVE-2024-36619

Name
CVE-2024-36619
Description
FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handling certain block types, leading to a denial-of-service (DoS) condition.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
https://github.com/ffmpeg/ffmpeg/commit/28c7094b25b689185155a6833caf2747b94774a4
https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavcodec/wavarc.c#L651
https://gist.github.com/1047524396/fad68e8251f4e34a1bb838de697d5119

Match rules

CPE URI Source package Min version Max version
n/a == n/a == n/a
cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:* ffmpeg == 6.1.1 == 6.1.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
ffmpeg 3.20-community 6.1.1-r8 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable