JLSEC-2025-137

FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an ...

JLSEC Published: Oct 19, 2025
Modified: Oct 31, 2025
Affected Packages: FFMPEG_jll >= 6.1.1+0, < 6.1.2+0
Aliases / Upstream: CVE-2024-36618

FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition.

References

https://gist.github.com/1047524396/a148f3679415a6da53ca112eb2ba1523
https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/avidec.c#L1699
https://github.com/ffmpeg/ffmpeg/commit/7a089ed8e049e3bfcb22de1250b86f2106060857