Search for vulnerabilities
Vulnerability details: VCID-pj49-8yyw-mkd2
Vulnerability ID VCID-pj49-8yyw-mkd2
Aliases CVE-2024-36617
Summary FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.
Status Published
Exploitability 0.5
Weighted Severity 5.6
Risk 2.8
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.00023 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00023 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00023 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-36617
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 6.2 https://gist.github.com/1047524396/f20749f8addc8f86de9cfacf17ba29df
ssvc Track https://gist.github.com/1047524396/f20749f8addc8f86de9cfacf17ba29df
cvssv3.1 6.2 https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/cafdec.c#L274
ssvc Track https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/cafdec.c#L274
cvssv3.1 6.2 https://github.com/ffmpeg/ffmpeg/commit/d973fcbcc2f944752ff10e6a76b0b2d9329937a7
ssvc Track https://github.com/ffmpeg/ffmpeg/commit/d973fcbcc2f944752ff10e6a76b0b2d9329937a7
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-36617
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48434
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51793
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51794
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32230
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35366
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36616
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36617
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://gist.github.com/1047524396/f20749f8addc8f86de9cfacf17ba29df
https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/cafdec.c#L274
https://github.com/ffmpeg/ffmpeg/commit/d973fcbcc2f944752ff10e6a76b0b2d9329937a7
cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
CVE-2024-36617 https://nvd.nist.gov/vuln/detail/CVE-2024-36617
USN-7188-1 https://usn.ubuntu.com/7188-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://gist.github.com/1047524396/f20749f8addc8f86de9cfacf17ba29df
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:57:06Z/ Found at https://gist.github.com/1047524396/f20749f8addc8f86de9cfacf17ba29df
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/cafdec.c#L274
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:57:06Z/ Found at https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/cafdec.c#L274
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/ffmpeg/ffmpeg/commit/d973fcbcc2f944752ff10e6a76b0b2d9329937a7
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:57:06Z/ Found at https://github.com/ffmpeg/ffmpeg/commit/d973fcbcc2f944752ff10e6a76b0b2d9329937a7
Exploit Prediction Scoring System (EPSS)
Percentile 0.03726
EPSS Score 0.00023
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2024-12-03T01:30:56.654632+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-36617 35.0.0