PT-2024-10419 · FFmpeg+6 · Ffmpeg+6

Published

2024-03-27

Updated

2025-10-15

CVE-2024-36616

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions FFmpeg version 6.1.1

Description The issue is related to an integer overflow in the libavformat/westwood vqa.c component of the FFmpeg library. This can be exploited by a remote attacker using a specially crafted VQA file, potentially leading to a denial of service.

Recommendations For FFmpeg version 6.1.1, consider disabling the use of the westwood vqa.c component until a patch is available to prevent potential denial of service attacks via crafted VQA files.

Fix

DoS

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

BDU:2025-00951

CVE-2024-36616

DSA-5712-1

DSA-5721-1

OESA-2024-2553

OESA-2024-2554

OESA-2024-2574

OESA-2024-2575

OESA-2024-2576

OPENSUSE-SU-2025:15177-1

OPENSUSE-SU-2025:15215-1

OPENSUSE-SU-2026:20710-1

SUSE-SU-2025:02352-1

SUSE-SU-2025:02381-1

SUSE-SU-2025_02352-1

USN-7823-1

Affected Products

Astra Linux

Debian

Ffmpeg

Linuxmint

Red Os

Suse

Ubuntu

PT-2024-10419 · FFmpeg+6 · Ffmpeg+6

CVE-2024-36616

Weakness Enumeration

Related Identifiers

Affected Products

References · 65