Search for vulnerabilities
Vulnerability details: VCID-6yyu-zyxe-27ey
Vulnerability ID VCID-6yyu-zyxe-27ey
Aliases CVE-2024-36615
Summary FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread.
Status Published
Exploitability 0.5
Weighted Severity 5.3
Risk 2.6
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00041 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00052 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00052 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
epss 0.00075 https://api.first.org/data/v1/epss?cve=CVE-2024-36615
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.9 https://gist.github.com/1047524396/c44e5eaafa8f408eea0c9411205990fb
ssvc Track https://gist.github.com/1047524396/c44e5eaafa8f408eea0c9411205990fb
cvssv3.1 5.9 https://github.com/FFmpeg/FFmpeg/blob/n7.0/libavcodec/vp9.c#L1738
ssvc Track https://github.com/FFmpeg/FFmpeg/blob/n7.0/libavcodec/vp9.c#L1738
cvssv3.1 5.9 https://github.com/ffmpeg/ffmpeg/commit/0ba058579f332b3060d8470a04ddd3fbf305be61
ssvc Track https://github.com/ffmpeg/ffmpeg/commit/0ba058579f332b3060d8470a04ddd3fbf305be61
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-36615
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36615
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://gist.github.com/1047524396/c44e5eaafa8f408eea0c9411205990fb
https://github.com/FFmpeg/FFmpeg/blob/n7.0/libavcodec/vp9.c#L1738
https://github.com/ffmpeg/ffmpeg/commit/0ba058579f332b3060d8470a04ddd3fbf305be61
cpe:2.3:a:ffmpeg:ffmpeg:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ffmpeg:ffmpeg:7.0:*:*:*:*:*:*:*
CVE-2024-36615 https://nvd.nist.gov/vuln/detail/CVE-2024-36615
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://gist.github.com/1047524396/c44e5eaafa8f408eea0c9411205990fb
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:22:10Z/ Found at https://gist.github.com/1047524396/c44e5eaafa8f408eea0c9411205990fb
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/FFmpeg/FFmpeg/blob/n7.0/libavcodec/vp9.c#L1738
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:22:10Z/ Found at https://github.com/FFmpeg/FFmpeg/blob/n7.0/libavcodec/vp9.c#L1738
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/ffmpeg/ffmpeg/commit/0ba058579f332b3060d8470a04ddd3fbf305be61
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:22:10Z/ Found at https://github.com/ffmpeg/ffmpeg/commit/0ba058579f332b3060d8470a04ddd3fbf305be61
Exploit Prediction Scoring System (EPSS)
Percentile 0.10031
EPSS Score 0.00037
Published At April 27, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2024-12-03T01:30:56.586894+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-36615 35.0.0