PT-2022-7211 · FFmpeg+4 · Ffmpeg+4
Paul B Mahol · Published 2022-11-12 · Updated 2024-06-15 · CVE-2022-3964
CVSS v2.0: 9.4 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:C
Name of the Vulnerable Software and Affected Versions
ffmpeg (affected versions not specified)
Description
A problematic vulnerability has been found in ffmpeg, affecting the component QuickTime RPZA Video Encoder in the file libavcodec/rpzaenc.c. The manipulation of the argument y size leads to an out-of-bounds read. This issue can be exploited remotely, potentially allowing an attacker to access confidential data and cause a denial of service.
Recommendations
To fix this issue, it is recommended to apply a patch. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. As a temporary workaround, consider restricting access to the vulnerable component QuickTime RPZA Video Encoder until a patch is applied. Avoid using the argument y size in the affected file libavcodec/rpzaenc.c to minimize the risk of exploitation.
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Linuxmint
Suse
Ubuntu
Ffmpeg