CVE-2024-36613

low-risk

Published 2025-01-03

FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.2/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Ffmpeg

Affected Vendors

Ffmpeg

References (3)

Third Party Advisory https://gist.github.com/1047524396/0f4d90ef87553f772f888223085ac806

Product https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/dxa.c#L125

Patch https://github.com/ffmpeg/ffmpeg/commit/50d8e4f27398fd5778485a827d7a2817921f8540

/ 100

low-risk

Severity 20/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal