CVE-2022-3964
Summary
| CVE | CVE-2022-3964 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-11-13 08:15:00 UTC |
| Updated | 2023-12-23 12:15:00 UTC |
| Description | A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543. |
Risk And Classification
Problem Types: CWE-119
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2022-3964 | ffmpeg QuickTime RPZA Video Encoder rpzaenc.c out-of-bounds | N/A | vuldb.com | |
| git.ffmpeg.org Git - ffmpeg.git/commit | N/A | git.ffmpeg.org | |
| FFmpeg: Multiple Vulnerabilities (GLSA 202312-14) — Gentoo security | security.gentoo.org | ||
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 183234 Debian Security Update for ffmpeg (CVE-2022-3964)
- 199575 Ubuntu Security Notification for FFmpeg Vulnerabilities (USN-5958-1)
- 502851 Alpine Linux Security Update for ffmpeg
- 691142 Free Berkeley Software Distribution (FreeBSD) Security Update for ffmpeg (faf7c1d0-f5bb-47b4-a6a8-ef57317b9766)
- 710815 Gentoo Linux FFmpeg Multiple Vulnerabilities (GLSA 202312-14)
- 752891 SUSE Enterprise Linux Security Update for ffmpeg-4 (SUSE-SU-2022:4194-1)