{"id":"UBUNTU-CVE-2024-22861","details":"Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module.","modified":"2025-07-16T07:46:56.001112Z","published":"2024-01-27T07:15:00Z","withdrawn":"2025-07-18T16:56:24Z","upstream":["CVE-2024-22861"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-22861"},{"type":"REPORT","url":"https://github.com/FFmpeg/FFmpeg/commit/87b8c1081959e45ffdcbabb3d53ac9882ef2b5ce"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2024-22861"}],"affected":[{"package":{"name":"ffmpeg","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/ffmpeg@7:6.1.1-1ubuntu1?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7:6.1.1-1ubuntu1"}]}],"versions":["7:6.0-6ubuntu1","7:6.0-9ubuntu1","7:6.1-2ubuntu1","7:6.1-3ubuntu1","7:6.1-4ubuntu1","7:6.1-5ubuntu1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"ffmpeg"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"ffmpeg-dbgsym"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"ffmpeg-doc"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"libavcodec-dev"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"libavcodec-extra"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"libavcodec-extra60"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"libavcodec-extra60-dbgsym"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"libavcodec60"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"libavcodec60-dbgsym"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"libavdevice-dev"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"libavdevice60"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"libavdevice60-dbgsym"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"libavfilter-dev"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"libavfilter-extra"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"libavfilter-extra9"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"libavfilter-extra9-dbgsym"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"libavfilter9"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"libavfilter9-dbgsym"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"libavformat-dev"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"libavformat-extra"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"libavformat-extra60"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"libavformat-extra60-dbgsym"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"libavformat60"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"libavformat60-dbgsym"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"libavutil-dev"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"libavutil58"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"libavutil58-dbgsym"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"libpostproc-dev"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"libpostproc57"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"libpostproc57-dbgsym"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"libswresample-dev"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"libswresample4"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"libswresample4-dbgsym"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"libswscale-dev"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"libswscale7"},{"binary_version":"7:6.1.1-1ubuntu1","binary_name":"libswscale7-dbgsym"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-22861.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}