VDB
CVE-2024-36618
CVE-2024-36618
PUBLISHED
CVSS 8.699999809265137 HIGH
Das FFmpeg-Projekt besteht aus freien Programmen und Bibliotheken, die es ermöglichen, digitales Video- und Audiomaterial aufzunehmen, zu konvertieren, zu streamen und abzuspielen. Zudem enthält es mit libavcodec eine Audio- und Video-Codec-Sammlung, die verschiedene Codecs zur Verfügung stellt.
EPSS 0.04% · 11.5th percentile
Risk Scores
CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.04%
11.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu | Ubuntu Linux | |
| Open Source | Open Source ffmpeg <=n6.1.1 | |
| SUSE | SUSE Linux | |
| SUSE | SUSE openSUSE | |
| Debian | Debian Linux |
Exploit Intelligence
- CIRCL seen: CVE-2024-36618 (circl-sighting)
- CIRCL seen: CVE-2024-36618 (circl-sighting)
- https://lists.debian.org/debian-lts-announce/2025/02/msg00000.html (circl)
- https://github.com/ffmpeg/ffmpeg/commit/7a089ed8e049e3bfcb22de1250b86f2106060857 (circl)
- https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/avidec.c#L1699 (circl)
- https://gist.github.com/1047524396/a148f3679415a6da53ca112eb2ba1523 (circl)
Timeline
- Nov 29, 2024 CVE Published
- Nov 29, 2024 PoC Published
- Nov 30, 2024 EPSS Score
- Nov 30, 2024 Coalition ESS Score
- Dec 2, 2024 Coalition ESS Score
- Dec 18, 2024 EPSS Score
- Jan 4, 2025 EPSS Score
- Jan 20, 2025 Coalition ESS Score
- Jan 21, 2025 EPSS Score
- Jan 27, 2025 Coalition ESS Score
- Feb 7, 2025 EPSS Score
- Feb 16, 2025 Coalition ESS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3572.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3572 advisory
- https://github.com/advisories/GHSA-c655-qv2v-73rm advisory
- https://ubuntu.com/security/notices/USN-7188-1 advisory
- https://lists.debian.org/debian-lts-announce/2025/02/msg00000.html advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/ZB33CK26BY2QPYGREWH7HHWHPSLGY4DI/ advisory
- https://lists.suse.com/pipermail/sle-security-updates/2025-March/020516.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2025-April/020649.html advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/BUTZTVXUCY5PWI25OBULIPCCLGEGSU7X/ advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BUTZTVXUCY5PWI25OBULIPCCLGEGSU7X/ advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/VRV2HFFHZK4M5WT2N2QVH4SDEORPP6SK/ advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/E5C3GC7VTUMYO4WCWZXPMHKMIVO4WJ3W/ advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/H2PRVBAR3CBT6GKTR4CK3DX6YQQ2NP5D/ advisory
- https://lists.suse.com/pipermail/sle-security-updates/2025-July/021847.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2025-July/021852.html advisory
- https://lists.debian.org/debian-security-announce/2025/msg00149.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2025-August/022264.html advisory
- https://ubuntu.com/security/notices/USN-7823-1 advisory
- https://lists.debian.org/debian-lts-announce/2026/01/msg00011.html advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XSCJKF66LTONP72VM5TT4DGXICKOBAGB/ advisory
…and 3 more