CVE-2022-3965
Summary
| CVE | CVE-2022-3965 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-11-13 08:15:00 UTC |
| Updated | 2023-12-23 12:15:00 UTC |
| Description | A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544. |
Risk And Classification
Problem Types: CWE-119
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| git.ffmpeg.org Git - ffmpeg.git/commit | N/A | git.ffmpeg.org | |
| CVE-2022-3965 | ffmpeg QuickTime Graphics Video Encoder smcenc.c smc_encode_stream out-of-bounds | N/A | vuldb.com | |
| FFmpeg: Multiple Vulnerabilities (GLSA 202312-14) — Gentoo security | security.gentoo.org | ||
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 182347 Debian Security Update for ffmpeg (CVE-2022-3965)
- 199575 Ubuntu Security Notification for FFmpeg Vulnerabilities (USN-5958-1)
- 502851 Alpine Linux Security Update for ffmpeg
- 503183 Alpine Linux Security Update for ffmpeg
- 506050 Alpine Linux Security Update for ffmpeg
- 710815 Gentoo Linux FFmpeg Multiple Vulnerabilities (GLSA 202312-14)