CVE-2024-36616

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Nov 29, 2024
Updated: Dec 2, 2024
CWE ID 190

Summary

CVE-2024-36616 is a denial-of-service vulnerability in FFmpeg version n6.1.1. The flaw is in the /libavformat/westwood_vqa.c component: a specially crafted VQA file can induce an integer overflow there and trigger a denial-of-service condition in the application. Systems running the susceptible FFmpeg version are exposed, and the flaw could be exploited to disrupt normal operations.
