Attackers Can Cause Denial of Service via Crafted VQA File
CVE-2024-36616

Currently unrated

Key Information:

Vendor: FFmpeg
Status: Ffmpeg
Vendor: CVE Published:; 29 November 2024

What is CVE-2024-36616?

An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file.

References

https://github.com/ffmpeg/ffmpeg/commit/86f73277bf014e2ce...

https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/...

https://gist.github.com/1047524396/ded3e1509d8296ec4a9181...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 29, 2024
Vulnerability Reserved
May 30, 2024