CVE-2024-36617

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-36617

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36617.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-36617

Downstream

DEBIAN-CVE-2024-36617

DSA-5712-1

DSA-5721-1

JLSEC-2025-138

OESA-2024-2574

OESA-2024-2575

OESA-2024-2576

OESA-2024-2577

OESA-2024-2578

SUSE-SU-2025:02352-1

SUSE-SU-2025:02381-1

UBUNTU-CVE-2024-36617

USN-7188-1

openSUSE-SU-2025:15177-1

openSUSE-SU-2025:15215-1

openSUSE-SU-2026:20710-1

Related

Published

2024-11-29T00:00:00Z

Modified

2026-05-12T12:03:32.147110082Z

Severity

6.2 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36617.json",
    "cna_assigner": "mitre"
}

References

Affected packages

Git / github.com/ffmpeg/ffmpeg

Affected ranges

Type

GIT

Repo

https://github.com/ffmpeg/ffmpeg

Events

Introduced

Fixed

62e1c442633e8a09a1407a789cd2b50611850788

Introduced

ace829cb45cff530b8a0aed6adf18f329d7a98f6

Fixed

b0fe83714bba7269dc76a5ab9ca0d87b311b0aee

Introduced

80bb65fafab1d2f5f58a8453c6334c784ee27c08

Fixed

41a5eae142c8f00980ae6d58bf3cf8a869e5231a

Introduced

c5079bf3bccd24bf8ed45ff47ff4071fd09e9fd8

Fixed

9bcede27c26b2f7cd469ab6b5c8b9694c30cfca3

Introduced

390d6853d0ef408007feb39c0040682c81c02751

Fixed

b1a4534186ca51b0457579fc05a5739eb2cc45cd

Database specific

{
    "cpe": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.4.14"
        },
        {
            "introduced": "4.0"
        },
        {
            "fixed": "4.2.9"
        },
        {
            "introduced": "4.3"
        },
        {
            "fixed": "4.3.7"
        },
        {
            "introduced": "4.4"
        },
        {
            "fixed": "4.4.5"
        },
        {
            "introduced": "5.0"
        },
        {
            "fixed": "6.1.2"
        }
    ]
}

Affected versions

Other

n0.*

n0.11-dev

n0.12-dev

n0.8

n1.*

n1.1-dev

n1.2-dev

n1.3-dev

n2.*

n2.0

n2.1-dev

n2.2-dev

n2.3-dev

n2.4-dev

n2.5-dev

n2.6-dev

n2.7-dev

n2.8-dev

n2.9-dev

n3.*

n3.1-dev

n3.2-dev

n3.3-dev

n3.4

n3.4-dev

n3.4.1

n3.4.10

n3.4.11

n3.4.12

n3.4.13

n3.4.2

n3.4.3

n3.4.4

n3.4.5

n3.4.6

n3.4.7

n3.4.8

n3.4.9

n3.5-dev

n4.*

n4.1-dev

n4.2

n4.2-dev

n4.2.1

n4.2.2

n4.2.3

n4.2.4

n4.2.5

n4.2.6

n4.2.7

n4.2.8

n4.3

n4.3-dev

n4.3.1

n4.3.2

n4.3.3

n4.3.4

n4.3.5

n4.3.6

n4.4

n4.4-dev

n4.4.1

n4.4.2

n4.4.3

n4.4.4

n4.5-dev

n5.*

n5.1-dev

n5.2-dev

n6.*

n6.1

n6.1-dev

n6.1.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36617.json"