{"id":"CVE-2024-22860","details":"Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder.","modified":"2026-02-24T11:47:53.685491Z","published":"2024-01-27T06:15:48.430Z","references":[{"type":"FIX","url":"https://github.com/FFmpeg/FFmpeg/commit/d2e8974699a9e35cc1a926bf74a972300d629cd5"},{"type":"ARTICLE","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61991"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ffmpeg/ffmpeg","events":[{"introduced":"0"},{"fixed":"d2e8974699a9e35cc1a926bf74a972300d629cd5"}]}],"versions":["N","n0.11-dev","n0.12-dev","n0.8","n1.1-dev","n1.2-dev","n1.3-dev","n2.0","n2.1-dev","n2.2-dev","n2.3-dev","n2.4-dev","n2.5-dev","n2.6-dev","n2.7-dev","n2.8-dev","n2.9-dev","n3.1-dev","n3.2-dev","n3.3-dev","n3.4-dev","n3.5-dev","n4.1-dev","n4.2-dev","n4.3-dev","n4.4-dev","n4.5-dev","n5.1-dev","n5.2-dev","n6.1-dev"],"database_specific":{"vanir_signatures":[{"id":"CVE-2024-22860-0f557012","deprecated":false,"signature_version":"v1","source":"https://github.com/ffmpeg/ffmpeg/commit/d2e8974699a9e35cc1a926bf74a972300d629cd5","digest":{"threshold":0.9,"line_hashes":["53488719704562141814838009937693765856","304883868025902907842664262674585853251","337951878287262195046649855814749687367","195604420235369802659487413543457347390"]},"signature_type":"Line","target":{"file":"libavformat/jpegxl_anim_dec.c"}},{"id":"CVE-2024-22860-e7d16ad1","deprecated":false,"signature_version":"v1","source":"https://github.com/ffmpeg/ffmpeg/commit/d2e8974699a9e35cc1a926bf74a972300d629cd5","digest":{"function_hash":"88129333516993045956772730340786749034","length":685},"signature_type":"Function","target":{"function":"jpegxl_anim_read_packet","file":"libavformat/jpegxl_anim_dec.c"}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-22860.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}