CVE-2024-36619
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published Nov 29, 2024
CWE ID 190
Summary
CVE-2024-36619 is a newly identified vulnerability affecting the FFmpeg media player in version n6.1.1. The issue lies within the WAVARC decoder of the libavcodec library, which has a flaw resulting in an integer overflow. This vulnerability can be exploited to trigger a denial-of-service (DoS) condition. An attacker can manipulate specific block types to induce the integer overflow, potentially causing the targeted system to crash or become unresponsive. Updating to a patched version of FFmpeg is recommended to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- FFmpeg