CVE-2022-3964
ffmpeg QuickTime RPZA Video Encoder rpzaenc.c out-of-bounds
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543.
Una vulnerabilidad ha sido encontrada en ffmpeg y clasificada como problemática. Una parte desconocida del archivo libavcodec/rpzaenc.c del componente QuickTime RPZA Video Encoder. La manipulación del argumento y_size conduce a una lectura fuera de límites. Es posible iniciar el ataque de forma remota. El nombre del parche es 92f9b28ed84a77138105475beba16c146bdaf984. Se recomienda aplicar un parche para solucionar este problema. El identificador asociado de esta vulnerabilidad es VDB-213543.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-11-13 CVE Reserved
- 2022-11-13 CVE Published
- 2024-07-04 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://vuldb.com/?id.213543 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/92f9b28ed84a77138105475beba16c146bdaf984 | 2023-12-23 |
URL | Date | SRC |
---|---|---|
https://security.gentoo.org/glsa/202312-14 | 2023-12-23 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | >= 4.4 < 4.4.4 Search vendor "Ffmpeg" for product "Ffmpeg" and version " >= 4.4 < 4.4.4" | - |
Affected
| ||||||
Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | >= 5.0 < 5.0.3 Search vendor "Ffmpeg" for product "Ffmpeg" and version " >= 5.0 < 5.0.3" | - |
Affected
| ||||||
Ffmpeg Search vendor "Ffmpeg" | Ffmpeg Search vendor "Ffmpeg" for product "Ffmpeg" | >= 5.1 < 5.1.3 Search vendor "Ffmpeg" for product "Ffmpeg" and version " >= 5.1 < 5.1.3" | - |
Affected
|