Vulnerability details: VCID-bc9v-ce3a-9khd
Vulnerability ID VCID-bc9v-ce3a-9khd
Aliases CVE-2024-36616
Summary An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file.
Status Published
Exploitability 0.5
Weighted Severity 5.9
Risk 3.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.00137 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.00155 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.00193 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 6.5 https://gist.github.com/1047524396/ded3e1509d8296ec4a91817867d108e0
ssvc Track https://gist.github.com/1047524396/ded3e1509d8296ec4a91817867d108e0
cvssv3.1 6.5 https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/westwood_vqa.c#L265
ssvc Track https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/westwood_vqa.c#L265
cvssv3.1 6.5 https://github.com/ffmpeg/ffmpeg/commit/86f73277bf014e2ce36dd2594f1e0fb8b3bd6661
ssvc Track https://github.com/ffmpeg/ffmpeg/commit/86f73277bf014e2ce36dd2594f1e0fb8b3bd6661
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://gist.github.com/1047524396/ded3e1509d8296ec4a91817867d108e0
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:41:33Z/ Found at https://gist.github.com/1047524396/ded3e1509d8296ec4a91817867d108e0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/westwood_vqa.c#L265
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:41:33Z/ Found at https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/westwood_vqa.c#L265
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/ffmpeg/ffmpeg/commit/86f73277bf014e2ce36dd2594f1e0fb8b3bd6661
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:41:33Z/ Found at https://github.com/ffmpeg/ffmpeg/commit/86f73277bf014e2ce36dd2594f1e0fb8b3bd6661
Exploit Prediction Scoring System (EPSS)
Percentile 0.17329
EPSS Score 0.00045
Published At Dec. 3, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-12-03T01:30:56.625047+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-36616 35.0.0