Headline
CVE-2022-3965: git.ffmpeg.org Git - ffmpeg.git/commit
A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544.
author
Paul B Mahol [email protected]
Sat, 12 Nov 2022 14:19:21 +0000 (15:19 +0100)
committer
Paul B Mahol [email protected]
Sat, 12 Nov 2022 14:23:11 +0000 (15:23 +0100)
commit
13c13109759090b7f7182480d075e13b36ed8edd
tree
c1b086f5a29e013c99419faba7e899cf48cbca70
tree | snapshot
parent
bfab87a61dde2084911d1f7d0e656912199219c8
commit | diff
Related news
Gentoo Linux Security Advisory 202312-14 - Multiple vulnerabilities have been discovered in FFmpeg, the worst of which could lead to code execution. Versions greater than or equal to 6.0 are affected.
Ubuntu Security Notice 5958-1 - It was discovered that FFmpeg could be made to dereference a null pointer. An attacker could possibly use this to cause a denial of service via application crash. These issues only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that FFmpeg could be made to access an out-of-bounds frame by the Apple RPZA encoder. An attacker could possibly use this to cause a denial of service via application crash or access sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.10.