Unrated severityNVD Advisory· Published Nov 29, 2024· Updated Dec 3, 2024

CVE-2024-36615

Description

FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

FFmpeg/Ffmpegcpe-rescue2 versions
(expand)+ 1 more
- (no CPE)
- (no CPE)range: = n7.0
osv-coords
pkg:rpm/opensuse/ffmpeg-7&distro=openSUSE%20Tumbleweed
Range: < 7.1.1-4.1

Patches

Vulnerability mechanics

References

gist.github.com/1047524396/c44e5eaafa8f408eea0c9411205990fbmitre
github.com/FFmpeg/FFmpeg/blob/n7.0/libavcodec/vp9.cmitre
github.com/ffmpeg/ffmpeg/commit/0ba058579f332b3060d8470a04ddd3fbf305be61mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000