Unrated severityNVD Advisory· Published Sep 23, 2022· Updated Apr 21, 2025

Heap-memory write in FFMPEG

CVE-2022-2566

Description

A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in build_open_gop_key_points() goes through all entries in the loop and adds sc->ctts_data[i].count to sc->sample_offsets_count. This can lead to an integer overflow resulting in a small allocation with av_calloc(). An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

FFmpeg/Ffmpegllm-fuzzy2 versions
>= 5.1+ 1 more
- (no CPE)range: >= 5.1
- (no CPE)range: 5.1
osv-coords
pkg:rpm/opensuse/ffmpeg-5&distro=openSUSE%20Tumbleweed
Range: < 5.1.1-1.1

Patches

Vulnerability mechanics

References

github.com/FFmpeg/FFmpeg/commit/c953baa084607dd1d84c3bfcce3cf6a87c3e6e05mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000