FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition.
{ "vanir_signatures": [ { "signature_version": "v1", "target": { "function": "check_stream_max_drift", "file": "libavformat/avidec.c" }, "signature_type": "Function", "source": "https://github.com/ffmpeg/ffmpeg/commit/7a089ed8e049e3bfcb22de1250b86f2106060857", "deprecated": false, "digest": { "length": 1610.0, "function_hash": "161047569905637027961933336242523480358" }, "id": "CVE-2024-36618-b1d6d86d" }, { "signature_version": "v1", "target": { "file": "libavformat/avidec.c" }, "signature_type": "Line", "source": "https://github.com/ffmpeg/ffmpeg/commit/7a089ed8e049e3bfcb22de1250b86f2106060857", "deprecated": false, "digest": { "line_hashes": [ "79877503193409420806658417010009629941", "61604032189457793544937971842491740594", "334969382649036172428619868935832352208", "152556666952770393961820361340073339472" ], "threshold": 0.9 }, "id": "CVE-2024-36618-b89fff22" } ] }