Headline
CVE-2022-3964: git.ffmpeg.org Git - ffmpeg.git/commit
A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543.
author
Paul B Mahol [email protected]
Sat, 12 Nov 2022 15:12:00 +0000 (16:12 +0100)
committer
Paul B Mahol [email protected]
Sat, 12 Nov 2022 15:15:57 +0000 (16:15 +0100)
commit
92f9b28ed84a77138105475beba16c146bdaf984
tree
ac1cd01bc84f9432bd66a9b1885f9aeaaa591504
tree | snapshot
parent
13c13109759090b7f7182480d075e13b36ed8edd
commit | diff
Related news
Gentoo Linux Security Advisory 202312-14 - Multiple vulnerabilities have been discovered in FFmpeg, the worst of which could lead to code execution. Versions greater than or equal to 6.0 are affected.
Ubuntu Security Notice 5958-1 - It was discovered that FFmpeg could be made to dereference a null pointer. An attacker could possibly use this to cause a denial of service via application crash. These issues only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that FFmpeg could be made to access an out-of-bounds frame by the Apple RPZA encoder. An attacker could possibly use this to cause a denial of service via application crash or access sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.10.