vulnerability

FFmpeg: CVE-2024-36617: Integer Overflow or Wraparound

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:N/C:N/I:N/A:C)	Nov 29, 2024	Feb 24, 2025	Apr 17, 2026

Severity

CVSS

(AV:L/AC:L/Au:N/C:N/I:N/A:C)

Published

Nov 29, 2024

Added

Feb 24, 2025

Modified

Apr 17, 2026

Description

FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.

ffmpeg-upgrade-3_4_14ffmpeg-upgrade-4_2_9ffmpeg-upgrade-4_3_7ffmpeg-upgrade-4_4_5ffmpeg-upgrade-5_1_5ffmpeg-upgrade-6_1_2ffmpeg-upgrade-7_0

Rapid7 Labs

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.