HCE2-SA-2024-0314 Critical HCE 2.0 Security Fix(es): An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file. (CVE-2024-36616) FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c. (CVE-2024-35368) FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking. (CVE-2024-35366) FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer (CVE-2024-35367) HCE 2.0 ffmpeg-devel-4.2.4-4.r16.hce2.aarch64.rpm ffmpeg-libs-4.2.4-4.r16.hce2.aarch64.rpm libavdevice-4.2.4-4.r16.hce2.aarch64.rpm ffmpeg-devel-4.2.4-4.r16.hce2.x86_64.rpm ffmpeg-libs-4.2.4-4.r16.hce2.x86_64.rpm libavdevice-4.2.4-4.r16.hce2.x86_64.rpm