Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser.
The bug is an integer overflow during processing of JPEG XL format files by FFmpeg's built-in parser. Incorrect size or index calculations can lead to memory management errors, which an attacker can exploit to gain control over the program's execution flow. The attack requires no authentication or user interaction — it is sufficient to provide a crafted file or media stream to an application using the vulnerable FFmpeg version.
An attacker can execute arbitrary code (RCE) in the context of the FFmpeg process, which in practice means the possibility of complete system takeover, data theft, or malicious software installation.
FFmpeg should be updated to version n6.1 or later. The patch was introduced in commit ca09d8a0dcd82e3128e62463231296aaf63ae6f7 in the FFmpeg GitHub repository.
FFmpeg in all versions before n6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFfmpeg
APPFfmpeg6.1
Related vulnerabilities
Double Free w FFmpeg — podatność w dekoderze RKMPP (libavcodec)
FFmpeg: Integer Overflow w parse_options (sbgdec.c) — moduł libavformat
FFmpeg: Out-of-bounds Read w dekoderze VP8 na architekturze PowerPC (AltiVec)
FFmpeg: nieprawidłowa walidacja indeksu tablicy w dekodowaniu H.266
Integer overflow w FFmpeg — RCE przez dekoder animacji JPEG XL