Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder.
The vulnerability lies in the jpegxl_anim_read_packet component responsible for reading animation packets in JPEG XL format. Due to integer overflow (CWE-190), incorrect buffer size or memory index calculation occurs. An attacker can remotely send a crafted multimedia file that triggers this error during processing, potentially leading to out-of-bounds buffer write and arbitrary code execution.
An attacker can gain full control over the system running the vulnerable FFmpeg — including confidentiality, integrity, and availability of data are completely compromised (CVSS scores C:H/I:H/A:H).
FFmpeg should be updated to version n6.1 or later. The patch is available in the project repository (commit d2e8974699a9e35cc1a926bf74a972300d629cd5). If immediate update is not possible, processing of JPEG XL files from untrusted sources should be restricted.
FFmpeg in versions prior to n6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFfmpeg
APPFfmpeg6.1
Related vulnerabilities
Double Free w FFmpeg — podatność w dekoderze RKMPP (libavcodec)
FFmpeg: Integer Overflow w parse_options (sbgdec.c) — moduł libavformat
FFmpeg: Out-of-bounds Read w dekoderze VP8 na architekturze PowerPC (AltiVec)
FFmpeg: nieprawidłowa walidacja indeksu tablicy w dekodowaniu H.266
Integer overflow w FFmpeg — RCE przez parser JPEG XL