Race Condition Vulnerability in VP9 Decoder
CVE-2024-36615

Currently unrated

Key Information:

Vendor: FFmpeg
Status: Ffmpeg
Vendor: CVE Published:; 29 November 2024

What is CVE-2024-36615?

FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread.

References

https://github.com/ffmpeg/ffmpeg/commit/0ba058579f332b306...

https://github.com/FFmpeg/FFmpeg/blob/n7.0/libavcodec/vp9...

https://gist.github.com/1047524396/c44e5eaafa8f408eea0c94...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 29, 2024
Vulnerability Reserved
May 30, 2024