FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior.
[
{
"source": "https://github.com/ffmpeg/ffmpeg/commit/50d8e4f27398fd5778485a827d7a2817921f8540",
"target": {
"function": "dxa_read_header",
"file": "libavformat/dxa.c"
},
"id": "CVE-2024-36613-87a3b507",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "156825548688141601058306595999969747915",
"length": 2547.0
}
},
{
"source": "https://github.com/ffmpeg/ffmpeg/commit/50d8e4f27398fd5778485a827d7a2817921f8540",
"target": {
"file": "libavformat/dxa.c"
},
"id": "CVE-2024-36613-a1d87f1b",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"19354352296333334409736982320068450952",
"111532564721454683587158500601024460103",
"78841884200820564070246950342625793320",
"53617894850614730808238348823325094575"
],
"threshold": 0.9
}
}
]