CVE-2024-36617

FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.

CVSS v3 6.2 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gist.github.com/1047524396/f20749f8addc8f86de9cfacf17ba29df	Third Party Advisory
https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/cafdec.c#L274	Product
https://github.com/ffmpeg/ffmpeg/commit/d973fcbcc2f944752ff10e6a76b0b2d9329937a7	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ffmpeg:ffmpeg::::::::
	cpe:2.3:a:ffmpeg:ffmpeg::::::::
	cpe:2.3:a:ffmpeg:ffmpeg::::::::
	cpe:2.3:a:ffmpeg:ffmpeg::::::::
	cpe:2.3:a:ffmpeg:ffmpeg::::::::

History

No history.

Information

Published : 2024-11-29 18:15

Updated : 2025-06-03 18:06

NVD link : CVE-2024-36617

Mitre link : CVE-2024-36617

CVE.ORG link : CVE-2024-36617

JSON object : View

Products Affected

ffmpeg

ffmpeg

CWE

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2024-36617", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.5}]}, "published": "2024-11-29T18:15:07.230", "references": [{"url": "https://gist.github.com/1047524396/f20749f8addc8f86de9cfacf17ba29df", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/cafdec.c#L274", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://github.com/ffmpeg/ffmpeg/commit/d973fcbcc2f944752ff10e6a76b0b2d9329937a7", "tags": ["Patch"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder."}, {"lang": "es", "value": "FFmpeg n6.1.1 tiene una vulnerabilidad de desbordamiento de enteros en el decodificador CAF de FFmpeg."}], "lastModified": "2025-06-03T18:06:03.973", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF619235-217F-4155-8B43-3F551A6E9CD6", "versionEndExcluding": "3.4.14"}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63FBBEE8-C95A-48F4-97DB-C50945F8BA38", "versionEndExcluding": "4.2.9", "versionStartIncluding": "4.0"}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53094C6A-8364-41FF-B723-0964F01EB656", "versionEndExcluding": "4.3.7", "versionStartIncluding": "4.3"}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18CBACDC-227D-466E-BEC3-BDBF61109425", "versionEndExcluding": "4.4.5", "versionStartIncluding": "4.4"}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B868E70-5C01-4846-ADCF-F66550DC8A48", "versionEndExcluding": "6.1.2", "versionStartIncluding": "5.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}