VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-dgna-mwnu-zbh4

Essentials
Severities (84)
References (8)
Severity details (7)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-dgna-mwnu-zbh4
Aliases	CVE-2024-36619
Summary	FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handling certain block types, leading to a denial-of-service (DoS) condition.
Status	Published
Exploitability	0.5
Weighted Severity	4.8
Risk	2.4
Affected and Fixed Packages	Package Details

Weaknesses (0)

There are no known CWE.

System	Score	Found at
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.0009	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00091	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00091	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00127	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
epss	0.00168	https://api.first.org/data/v1/epss?cve=CVE-2024-36619
cvssv3.1	5.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	5.3	https://gist.github.com/1047524396/fad68e8251f4e34a1bb838de697d5119
ssvc	Track	https://gist.github.com/1047524396/fad68e8251f4e34a1bb838de697d5119
cvssv3.1	5.3	https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavcodec/wavarc.c#L651
ssvc	Track	https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavcodec/wavarc.c#L651
cvssv3.1	5.3	https://github.com/ffmpeg/ffmpeg/commit/28c7094b25b689185155a6833caf2747b94774a4
ssvc	Track	https://github.com/ffmpeg/ffmpeg/commit/28c7094b25b689185155a6833caf2747b94774a4

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2024-36619
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36619
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
28c7094b25b689185155a6833caf2747b94774a4		https://github.com/ffmpeg/ffmpeg/commit/28c7094b25b689185155a6833caf2747b94774a4
cpe:2.3:a:ffmpeg:ffmpeg:6.1.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ffmpeg:ffmpeg:6.1.1:::::::*
CVE-2024-36619		https://nvd.nist.gov/vuln/detail/CVE-2024-36619
fad68e8251f4e34a1bb838de697d5119		https://gist.github.com/1047524396/fad68e8251f4e34a1bb838de697d5119
wavarc.c#L651		https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavcodec/wavarc.c#L651

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://gist.github.com/1047524396/fad68e8251f4e34a1bb838de697d5119

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-29T18:04:23Z/ Found at https://gist.github.com/1047524396/fad68e8251f4e34a1bb838de697d5119

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavcodec/wavarc.c#L651

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-29T18:04:23Z/ Found at https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavcodec/wavarc.c#L651

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/ffmpeg/ffmpeg/commit/28c7094b25b689185155a6833caf2747b94774a4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-29T18:04:23Z/ Found at https://github.com/ffmpeg/ffmpeg/commit/28c7094b25b689185155a6833caf2747b94774a4

Exploit Prediction Scoring System (EPSS)

Percentile	0.17329
EPSS Score	0.00045
Published At	Dec. 3, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
2024-11-29T23:49:05.469668+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2024/36xxx/CVE-2024-36619.json	35.0.0