CVE-2024-22860

Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to 6.1

Description The issue is related to an integer overflow vulnerability in the jpegxl anim read packet() function of the JPEG XL Animation decoder in the FFmpeg multimedia library. This vulnerability can be exploited by a remote attacker to execute arbitrary code. The vulnerability is caused by a flaw in the jpegxl anim read packet() component.

Recommendations For FFmpeg versions prior to 6.1, update to version 6.1 or later to resolve the issue. As a temporary workaround, consider disabling the jpegxl anim read packet() function until a patch is available. Restrict access to the JPEG XL Animation decoder to minimize the risk of exploitation.