FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior.

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7823-1 advisory.

    It was discovered that FFmpeg did not correctly handle certain memory operations. An attacker could     possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected     Ubuntu 24.04 LTS. (CVE-2024-35365)

    It was discovered that FFmpeg did not correctly handle certain integer calculations. An attacker could     possibly use this issue to cause a denial of service. (CVE-2024-35366)

    It was discovered that FFmpeg may perform an out-of-bounds read under certain circumstances. An attacker     could possibly use this issue to cause a denial of service. (CVE-2024-35367)

    It was discovered that FFmpeg did not correctly handle certain memory operations. An attacker could     possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected     Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-35368)

    It was discovered that FFmpeg did not correctly handle certain inputs, which could lead to an integer     overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary     code. (CVE-2024-36613, CVE-2024-36616, CVE-2024-36618)

    It was discovered that FFmpeg did not correctly handle certain inputs, which could lead to an integer     overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary     code. This issue only affected Ubuntu 24.04 LTS. (CVE-2024-36619)

    It was discovered that FFmpeg did not correctly handle certain memory operations. A remote attacker could     possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected     Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-7055)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1450-1 advisory.

    - CVE-2025-22921: Clear array length when freeing it. (bsc#1237382)
    - CVE-2025-0518: Fix memory data leak when use sscanf(). (bsc#1236007)
    - CVE-2025-22919: Check for valid sample rate, to fix the invalid sample rate >= 0. (bsc#1237371)
    - CVE-2024-12361: Add check for av_packet_new_side_data() to avoid null pointer dereference if allocation     fails. (bsc#1237358)
    - CVE-2024-36613: Adjust order of operations around block align. (bsc#1235092)
    - CVE-2024-35365: Fix double-free on error. (bsc#1235091)
    - CVE-2024-35368: Fix double-free on the AVFrame is unreferenced. (bsc#1234028)
    - CVE-2023-51793: Fix out of array access. (bsc#1223272).
    - CVE-2023-51793: Fixed a heap buffer overflow in the image_copy_plane function in libavutil/imgutils.c     (bsc#1223272).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1128-1 advisory.

    - CVE-2020-22037: Fixed unchecked return value of the init_vlc function (bsc#1186756)
    - CVE-2024-12361: Fixed null pointer dereference (bsc#1237358)
    - CVE-2024-35368: Fixed double free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c     (bsc#1234028)
    - CVE-2024-36613: Fixed integer overflow in the DXA demuxer of the libavformat library (bsc#1235092)
    - CVE-2025-0518: Fixed memory leak due to unchecked sscanf return value (bsc#1236007)
    - CVE-2025-22919: Fixed denial of service (DoS) via opening a crafted AAC file (bsc#1237371)
    - CVE-2025-22921: Fixed segmentation violation in NULL pointer dereference via the component     /libavcodec/jpeg2000dec.c (bsc#1237382)
    - CVE-2025-25473: Fixed memory leak in avformat_free_context() (bsc#1237351)

    Other fixes:

    - Build with SVT-AV1 3.0.0.

    - Update to release 4.4.5:
    * Adjust bconds to build the package in SLFO without xvidcore.
    * Add 0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch (bsc#1229338)
    * Add ffmpeg-c99.patch so that the package conforms to the C99 standard and builds on i586 with GCC 14.
    * No longer build against libmfx; build against libvpl (bsc#1230983, bsc#1219494)
    * Drop libmfx dependency from our product (jira #PED-10024)
    * Update patch to build with glslang 14
    * Disable vmaf integration as ffmpeg-4 cannot handle vmaf>=3
    * Copy codec list from ffmpeg-6
    * Resolve build failure with binutils >= 2.41. (bsc#1215945)

    - Update to version 4.4.4:
      * avcodec/012v: Order operations for odd size handling
      * avcodec/alsdec: The minimal block is at least 7 bits
      * avcodec/bink:
        - Avoid undefined out of array end pointers in           binkb_decode_plane()
        - Fix off by 1 error in ref end
      * avcodec/eac3dec: avoid float noise in fixed mode addition to         overflow
      * avcodec/eatgq: : Check index increments in tgq_decode_block()
      * avcodec/escape124:
        - Fix signdness of end of input check
        - Fix some return codes
      * avcodec/ffv1dec:
        - Check that num h/v slices is supported
        - Fail earlier if prior context is corrupted
        - Restructure slice coordinate reading a bit
      * avcodec/mjpegenc: take into account component count when         writing the SOF header size
      * avcodec/mlpdec: Check max matrix instead of max channel in         noise check
      * avcodec/motionpixels: Mask pixels to valid values
      * avcodec/mpeg12dec: Check input size
      * avcodec/nvenc:
        - Fix b-frame DTS behavior with fractional framerates
        - Fix vbv buffer size in cq mode
      * avcodec/pictordec: Remove mid exit branch
      * avcodec/pngdec: Check deloco index more exactly
      * avcodec/rpzaenc: stop accessing out of bounds frame
      * avcodec/scpr3: Check bx
      * avcodec/scpr: Test bx before use
      * avcodec/snowenc: Fix visual weight calculation
      * avcodec/speedhq: Check buf_size to be big enough for DC
      * avcodec/sunrast: Fix maplength check
      * avcodec/tests/snowenc:
        - Fix 2nd test
        - Return a failure if DWT/IDWT mismatches
        - Unbreak DWT tests
      * avcodec/tiff: Ignore tile_count
      * avcodec/utils:
        - Allocate a line more for VC1 and WMV3
        - Ensure linesize for SVQ3
        - Use 32pixel alignment for bink
      * avcodec/videodsp_template: Adjust pointers to avoid undefined         pointer things
      * avcodec/vp3: Add missing check for av_malloc
      * avcodec/wavpack:
        - Avoid undefined shift in get_tail()
        - Check for end of input in wv_unpack_dsd_high()
      * avcodec/xpmdec: Check size before allocation to avoid         truncation
      * avfilter/vf_untile: swap the chroma shift values used for plane         offsets
      * avformat/id3v2: Check taglen in read_uslt()
      * avformat/mov: Check samplesize and offset to avoid integer         overflow
      * avformat/mxfdec: Use 64bit in remainder
      * avformat/nutdec: Add check for avformat_new_stream
      * avformat/replaygain: avoid undefined / negative abs
      * swscale/input: Use more unsigned intermediates
      * swscale/output: Bias 16bps output calculations to improve non         overflowing range
      * swscale: aarch64: Fix yuv2rgb with negative stride
      * Use https for repository links

    - Update to version 4.4.3:
      * Stable bug fix release, mainly codecs, filter and format fixes.

    - Add patch to detect SDL2 >= 2.1.0 (bsc#1202848):

    - Update to version 4.4.2:
      * Stable bug fix release, mainly codecs, filter and format fixes.

    - Add conflicts for ffmpeg-5's tools
    - Enable Vulkan filters
    - Fix OS version check, so nvcodec is enabled for Leap too.
    - Disamble libsmbclient usage (can always be built with
      --with-smbclient): the usecase of ffmpeg directly accessing       smb:// shares is quite constructed (most users will have their       smb shares mounted).

    - Update to version 4.4.1:
      * Stable bug fix release, mainly codecs and format fixes.

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0862-1 advisory.

    - CVE-2025-22921: Fixed segmentation violation in NULL pointer dereference via the component     /libavcodec/jpeg2000dec.c (bsc#1237382).
    - CVE-2025-25473: Fixed memory leak in avformat_free_context() (bsc#1237351).
    - CVE-2025-0518: Fixed unchecked sscanf return value which leads to memory data leak (bsc#1236007).
    - CVE-2025-22919: Fixed denial of service (DoS) via opening a crafted AAC file (bsc#1237371).
    - CVE-2024-12361: Fixed NULL Pointer Dereference (bsc#1237358).
    - CVE-2024-35368: Fixed Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c     (bsc#1234028).
    - CVE-2024-36613: Fixed Integer overflow in ffmpeg (bsc#1235092).
    - CVE-2023-50010: Fixed arbitrary code execution via the set_encoder_id function in /fftools/ffmpeg_enc.c     component (bsc#1223256).
    - CVE-2023-51794: Fixed heap-buffer-overflow at libavfilter/af_stereowiden.c (bsc#1223437).
    - CVE-2023-51793: Fixed heap buffer overflow in the image_copy_plane function in libavutil/imgutils.c     (bsc#1223272).
    - CVE-2023-49502: Fixed heap buffer overflow via the ff_bwdif_filter_intra_c function in     libavfilter/bwdifdsp.c (bsc#1223235).
    - CVE-2023-51798: Fixed floating point exception(FPE) via the interpolate function in     libavfilter/vf_minterpolate.c (bsc#1223304).
    - CVE-2024-31578: Fixed heap use-after-free via the av_hwframe_ctx_init function (bsc#1223070).
    - CVE-2024-7055: Fixed heap-based buffer overflow in pnmdec.c (bsc#1229026).
    - CVE-2024-32230: Fixed buffer overflow due to negative-size-param bug at libavcodec/mpegvideo_enc.c in     load_input_picture (bsc#1227296).

    Other fixes:
    - Updated to version 4.4.5.

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer     overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior.
    (CVE-2024-36613)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
270676	Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : FFmpeg vulnerabilities (USN-7823-1)	Nessus	Ubuntu Local Security Checks	medium
235182	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ffmpeg (SUSE-SU-2025:1450-1)	Nessus	SuSE Local Security Checks	medium
233840	SUSE SLES15 Security Update : ffmpeg-4 (SUSE-SU-2025:1128-1)	Nessus	SuSE Local Security Checks	medium
232751	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ffmpeg-4 (SUSE-SU-2025:0862-1)	Nessus	SuSE Local Security Checks	medium
228814	Linux Distros Unpatched Vulnerability : CVE-2024-36613	Nessus	Misc.	medium

Detections

Analytics

CVE-2024-36613

medium

Tenable Plugins

medium

medium

medium

medium

medium