Search for vulnerabilities
Vulnerability details: VCID-be1k-dfpx-57hr
Vulnerability ID VCID-be1k-dfpx-57hr
Aliases CVE-2024-36616
Summary An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file.
Status Published
Exploitability 0.5
Weighted Severity 5.9
Risk 3.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.0015 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.0015 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.0015 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.0015 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.0015 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.00176 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.00178 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.00178 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.00178 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.00178 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.00212 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.00212 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.00212 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.00232 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.00232 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.00232 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.00232 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.00232 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.0027 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.0027 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.0027 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.0027 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.0027 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.0027 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.0027 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.0027 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.0027 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.0027 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
epss 0.0027 https://api.first.org/data/v1/epss?cve=CVE-2024-36616
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 6.5 https://gist.github.com/1047524396/ded3e1509d8296ec4a91817867d108e0
ssvc Track https://gist.github.com/1047524396/ded3e1509d8296ec4a91817867d108e0
cvssv3.1 6.5 https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/westwood_vqa.c#L265
ssvc Track https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/westwood_vqa.c#L265
cvssv3.1 6.5 https://github.com/ffmpeg/ffmpeg/commit/86f73277bf014e2ce36dd2594f1e0fb8b3bd6661
ssvc Track https://github.com/ffmpeg/ffmpeg/commit/86f73277bf014e2ce36dd2594f1e0fb8b3bd6661
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-36616
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48434
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51793
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51794
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32230
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35366
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36616
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36617
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
86f73277bf014e2ce36dd2594f1e0fb8b3bd6661 https://github.com/ffmpeg/ffmpeg/commit/86f73277bf014e2ce36dd2594f1e0fb8b3bd6661
cpe:2.3:a:ffmpeg:ffmpeg:6.1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ffmpeg:ffmpeg:6.1.1:*:*:*:*:*:*:*
CVE-2024-36616 https://nvd.nist.gov/vuln/detail/CVE-2024-36616
ded3e1509d8296ec4a91817867d108e0 https://gist.github.com/1047524396/ded3e1509d8296ec4a91817867d108e0
westwood_vqa.c#L265 https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/westwood_vqa.c#L265
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://gist.github.com/1047524396/ded3e1509d8296ec4a91817867d108e0
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:41:33Z/ Found at https://gist.github.com/1047524396/ded3e1509d8296ec4a91817867d108e0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/westwood_vqa.c#L265
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:41:33Z/ Found at https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/westwood_vqa.c#L265
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/ffmpeg/ffmpeg/commit/86f73277bf014e2ce36dd2594f1e0fb8b3bd6661
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:41:33Z/ Found at https://github.com/ffmpeg/ffmpeg/commit/86f73277bf014e2ce36dd2594f1e0fb8b3bd6661
Exploit Prediction Scoring System (EPSS)
Percentile 0.36208
EPSS Score 0.0015
Published At Sept. 16, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T09:00:18.680892+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2024/36xxx/CVE-2024-36616.json 37.0.0