PT-2022-6793 · FFmpeg+5 · Ffmpeg+5

Jiasheng Jiang · Published 2022-02-18 · Updated 2025-08-07 · CVE-2022-3109

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

FFmpeg versions prior to 3.0

Description

An issue was discovered in the FFmpeg package, where the vp3_decode_frame function in libavcodec/vp3.c lacks a check of the return value of av_malloc(), which will cause a null pointer dereference. This impacts availability and potentially confidentiality. The issue can be exploited by a remote attacker to cause a denial of service.

Recommendations

For FFmpeg versions prior to 3.0, consider updating to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the vp3_decode_frame function in libavcodec/vp3.c to minimize the risk of exploitation. Additionally, ensure that error handling for memory allocation is properly implemented to prevent similar issues.

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALT-PU-2023-2034
ALT-PU-2023-2095
ALT-PU-2023-4100
ALT-PU-2023-4117
ALT-PU-2023-4151
ALT-PU-2023-5511
BDU:2023-04787
CVE-2022-3109
DLA-3454-1
DSA-5394-1
MGASA-2023-0004
OESA-2024-1804
OESA-2024-1806
OESA-2024-1807
OESA-2024-1808
OPENSUSE-SU-2023_0007-1
OPENSUSE-SU-2023_0008-1
OPENSUSE-SU-2024:12585-1
ROSA-SA-2023-2277
SUSE-SU-2023:0005-1
SUSE-SU-2023:0007-1
SUSE-SU-2023:0008-1
SUSE-SU-2023_0007-1
SUSE-SU-2023_0008-1
USN-5958-1

Affected Products

Alt Linux
Astra Linux
FFmpeg
Linux Mint
SUSE
Ubuntu