PT-2022-6631 · FFmpeg+6 · Ffmpeg+6

Wrv

Published

2022-09-02

Updated

2025-03-19

CVE-2022-48434

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions FFmpeg versions prior to 5.1.2

Description The issue is related to the use of memory after it has been freed in the libavcodec/pthread frame.c component of the FFmpeg multimedia library when handling worker threads with the hwaccel decoder. This can allow a remote attacker to execute arbitrary code in certain circumstances, such as during hardware re-initialization upon a mid-video SPS change when Direct3D11 is used.

Recommendations For FFmpeg versions prior to 5.1.2, update to version 5.1.2 or later to resolve the issue. As a temporary workaround, consider disabling the use of hwaccel decoder in worker threads until a patch is available. Restrict access to the libavcodec/pthread frame.c component to minimize the risk of exploitation. Avoid using the hwaccel state in worker threads in the affected API endpoints until the issue is resolved.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2023-5511

ALT-PU-2024-10869

ALT-PU-2024-10871

BDU:2023-02925

CVE-2022-48434

DSA-5721-1

OESA-2024-1873

OESA-2024-1875

OESA-2024-1876

OESA-2024-1877

OPENSUSE-SU-2025:14880-1

OPENSUSE-SU-2025_0958-1

ROSA-SA-2023-2277

SUSE-SU-2023:2087-1

SUSE-SU-2023:2108-1

SUSE-SU-2023:2115-1

SUSE-SU-2023_2087-1

SUSE-SU-2023_2108-1

SUSE-SU-2025:0958-1

USN-6449-1

USN-6449-2

Affected Products

Alt Linux

Astra Linux

Ffmpeg

Linuxmint

Red Os

Suse

Ubuntu

PT-2022-6631 · FFmpeg+6 · Ffmpeg+6

CVE-2022-48434

Weakness Enumeration

Related Identifiers

Affected Products

References · 74