CVE-2024-36615

Name of the Vulnerable Software and Affected Versions FFmpeg version n7.0

Description The issue is related to a race condition in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread.

Recommendations For FFmpeg version n7.0, as a temporary workaround, consider disabling the VP9 decoder until a patch is available. Restrict access to video encoding parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.