CVE-2024-22861
📋 TL;DR
An integer overflow vulnerability in FFmpeg's avcodec/osq module allows attackers to cause denial of service (DoS) by triggering crashes or resource exhaustion. This affects systems running FFmpeg versions before n6.1 that process untrusted media files. Media processing servers, video streaming services, and applications using vulnerable FFmpeg libraries are at risk.
💻 Affected Systems
- FFmpeg
📦 What is this software?
FFmpeg by FFmpeg
⚠️ Risk & Real-World Impact
Worst Case
Complete service disruption through process crashes, potentially leading to system instability or cascading failures in dependent services.
Likely Case
Application crashes or hangs when processing specially crafted media files, causing temporary service unavailability.
If Mitigated
Limited impact with proper input validation and sandboxing, potentially only affecting isolated media processing components.
🎯 Exploit Status
Exploitation requires feeding specially crafted media files to vulnerable FFmpeg instances. No authentication needed if file upload/processing is accessible.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: FFmpeg n6.1 and later
Vendor Advisory: https://github.com/FFmpeg/FFmpeg/commit/87b8c1081959e45ffdcbabb3d53ac9882ef2b5ce
Restart Required: Yes
Instructions:
1. Update FFmpeg to version n6.1 or later.
2. Rebuild any applications that link against the FFmpeg libraries.
3. Restart affected services.
4. Verify the fix by processing test media.
🔧 Temporary Workarounds
Input validation and sanitization
Implement strict input validation for media files before processing them with FFmpeg
Process isolation
Run FFmpeg in isolated containers or sandboxes with resource limits
docker run --memory=512m --cpus=1 ffmpeg_container
🧯 If You Can't Patch
- Implement strict file type validation and size limits for media uploads
- Deploy network segmentation to isolate media processing servers from critical systems
🔍 How to Verify
Check if Vulnerable:
Check FFmpeg version: ffmpeg -version | grep -i 'ffmpeg version' (the banner line is printed in lowercase, so the match must be case-insensitive)
Check Version:
ffmpeg -version | head -1
Verify Fix Applied:
Confirm the reported version is n6.1 or later, then exercise the service with known-safe media files
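An added shell helper (not part of the advisory) that parses the first line of ffmpeg -version and compares it with the fixed release n6.1; the banner layouts for release tags, distribution packages and git snapshots are assumed from common FFmpeg builds.

```shell
# Added example, not part of the advisory: parse the first line of `ffmpeg -version`
# and decide whether the build is n6.1 or later. Assumed banner layouts:
#   "ffmpeg version n6.1 ..." (release), "ffmpeg version 4.4.2-0ubuntu0.22.04.1 ..."
#   (distro package), "ffmpeg version N-113000-gabcdef1234 ..." (git snapshot).
# Caveat: distros may backport the fix without bumping the version string.

# extract_version LINE -> "MAJOR.MINOR", "git" for snapshots, or "unknown".
extract_version() {
    v=$(printf '%s\n' "$1" | sed -n 's/^ffmpeg version \([^ ]*\).*/\1/p')
    v=${v#n}                                          # "n6.1" -> "6.1"
    case "$v" in
        N-*|git-*) printf 'git\n'; return 0 ;;        # snapshot: no release number
    esac
    v=$(printf '%s\n' "$v" | sed 's/[^0-9.].*//')     # "6.1.1-3ubuntu5" -> "6.1.1"
    [ -z "$v" ] && { printf 'unknown\n'; return 0; }
    major=${v%%.*}
    rest=${v#*.}
    [ "$rest" = "$v" ] && rest=0                      # "6" -> "6.0"
    printf '%s.%s\n' "$major" "${rest%%.*}"
}

# is_fixed LINE -> exit 0 if >= 6.1 (fixed), 1 if older, 2 if undetermined.
is_fixed() {
    ver=$(extract_version "$1")
    case "$ver" in git|unknown) return 2 ;; esac
    major=${ver%.*}
    minor=${ver#*.}
    if [ "$major" -gt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -ge 1 ]; }; then
        return 0
    fi
    return 1
}

# report_installed: verdict for the ffmpeg on PATH (returns is_fixed's code).
report_installed() {
    line=$(ffmpeg -version 2>/dev/null | head -n 1)
    rc=0
    is_fixed "$line" || rc=$?
    case "$rc" in
        0) echo "OK: FFmpeg $(extract_version "$line") is n6.1 or later" ;;
        1) echo "VULNERABLE: FFmpeg $(extract_version "$line") predates n6.1 (check for a backport)" ;;
        *) echo "UNDETERMINED: no release number in banner: $line" ;;
    esac
    return "$rc"
}

if command -v ffmpeg >/dev/null 2>&1; then report_installed || true; fi
```

A git snapshot build reports UNDETERMINED on purpose: compare its commit date with the fix commit linked above instead of relying on a release number.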
📡 Detection & Monitoring
Log Indicators:
- FFmpeg process crashes
- Segmentation fault errors
- Abnormal memory usage spikes in media processing
Network Indicators:
- Unusual media file upload patterns
- Repeated failed media processing requests
SIEM Query:
source="*ffmpeg*" AND ("segmentation fault" OR "SIGSEGV" OR "crash")