CVE-2022-3964: git.ffmpeg.org Git - ffmpeg.git/commit

A vulnerability classified as problematic has been found in ffmpeg. It affects an unknown part of the file libavcodec/rpzaenc.c in the QuickTime RPZA Video Encoder component. Manipulation of the argument y_size leads to an out-of-bounds read. The attack can be initiated remotely. The patch is identified as 92f9b28ed84a77138105475beba16c146bdaf984. Applying the patch is recommended to fix this issue. The associated identifier of this vulnerability is VDB-213543.

author: Paul B Mahol [email protected]
author date: Sat, 12 Nov 2022 15:12:00 +0000 (16:12 +0100)
committer: Paul B Mahol [email protected]
commit date: Sat, 12 Nov 2022 15:15:57 +0000 (16:15 +0100)
commit: 92f9b28ed84a77138105475beba16c146bdaf984
tree: ac1cd01bc84f9432bd66a9b1885f9aeaaa591504
parent: 13c13109759090b7f7182480d075e13b36ed8edd

Related news

Gentoo Linux Security Advisory 202312-14

Gentoo Linux Security Advisory 202312-14 - Multiple vulnerabilities have been discovered in FFmpeg, the worst of which could lead to code execution. Versions greater than or equal to 6.0 are affected.

Ubuntu Security Notice USN-5958-1

Ubuntu Security Notice 5958-1 - It was discovered that FFmpeg could be made to dereference a null pointer. An attacker could possibly use this to cause a denial of service via application crash. These issues only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that FFmpeg could be made to access an out-of-bounds frame by the Apple RPZA encoder. An attacker could possibly use this to cause a denial of service via application crash or access sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.10.
