| Advisory
Products
MOOLE SCA
Continuous visibility into open-source risk
MOOLE Container Security
End-to-end container defense across the SDLC
MOOLE SAST
Static application security testing for source code
About Us
CVE-2024-36617
Vulnerability Database
CVE-2024-36617
Base Score
MEDIUM
6.2
CVE-2024-36617
FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.
Vector
LOCAL
Published By
cve@mitre.org
Published Date
Nov 29, 2024, 18:15
Weakness Type (CWE)
:
CWE-190
CVSS Metrics
CVSS v3.1
Base Score
6.2
Vector String
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Severity
MEDIUM
Version
3.1
Attack Vector (AV)
LOCAL
Attack Complexity (AC)
LOW
Privileges Required (PR)
NONE
User Interaction (UI)
NONE
Scope (S)
UNCHANGED
Confidentiality (C)
NONE
Integrity (I)
NONE
Availability (A)
HIGH
References
https://gist.github.com/1047524396/f20749f8addc8f86de9cfacf17ba29df
https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/cafdec.c#L274
https://github.com/ffmpeg/ffmpeg/commit/d973fcbcc2f944752ff10e6a76b0b2d9329937a7
Base Score
MEDIUM
6.2
Weakness Type (CWE)
:
CWE-190
CVSS Metrics
CVSS v3.1
Base Score
6.2
Vector String
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Severity
MEDIUM
Version
3.1
Attack Vector (AV)
LOCAL
Attack Complexity (AC)
LOW
Privileges Required (PR)
NONE
User Interaction (UI)
NONE
Scope (S)
UNCHANGED
Confidentiality (C)
NONE
Integrity (I)
NONE
Availability (A)
HIGH
