CVE-2024-36616
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Nov 29, 2024
Updated: Dec 2, 2024
CWE ID 190
Summary
CVE-2024-36616 is a denial-of-service vulnerability in FFmpeg version n6.1.1. The issue lies in the /libavformat/westwood_vqa.c component: a specially crafted VQA file can induce an integer overflow there, which triggers a denial-of-service condition in the application. Systems running the affected FFmpeg version are exposed, and exploitation could disrupt normal operations.
Affected Products
- FFmpeg