CVE-2022-3341
Summary
| CVE | CVE-2022-3341 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-01-12 15:15:00 UTC |
| Updated | 2023-06-13 17:15:00 UTC |
| Description | A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash. |
Risk And Classification
Problem Types: CWE-476
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| avformat/nutdec: Add check for avformat_new_stream · FFmpeg/FFmpeg@9cf652c · GitHub | MISC | github.com | |
| [SECURITY] [DLA 3454-1] ffmpeg security update | MLIST | lists.debian.org | |
| 2157054 – (CVE-2022-3341) CVE-2022-3341 ffmpeg: null pointer dereference in decode_main_header() in libavformat/nutdec.c | MISC | bugzilla.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 181866 Debian Security Update for ffmpeg (DLA 3454-1)
- 182207 Debian Security Update for ffmpeg (CVE-2022-3341)
- 199575 Ubuntu Security Notification for FFmpeg Vulnerabilities (USN-5958-1)
- 691142 Free Berkeley Software Distribution (FreeBSD) Security Update for ffmpeg (faf7c1d0-f5bb-47b4-a6a8-ef57317b9766)
- 753576 SUSE Enterprise Linux Security Update for ffmpeg-4 (SUSE-SU-2023:0172-1)
- 753602 SUSE Enterprise Linux Security Update for ffmpeg (SUSE-SU-2023:0206-1)
- 753966 SUSE Enterprise Linux Security Update for ffmpeg (SUSE-SU-2023:2115-1)