Unrated severityNVD Advisory· Published Nov 13, 2022· Updated Aug 3, 2024
ffmpeg QuickTime RPZA Video Encoder rpzaenc.c out-of-bounds
CVE-2022-3964
Description
A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9- osv-coords7 versionspkg:rpm/opensuse/ffmpeg-4&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/ffmpeg-4&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ffmpeg-5&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ffmpeg-7&distro=openSUSE%20Tumbleweedpkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP4
< 4.4-150400.3.5.1+ 6 more
- (no CPE)range: < 4.4-150400.3.5.1
- (no CPE)range: < 4.4.3-2.1
- (no CPE)range: < 5.1.2-4.1
- (no CPE)range: < 7.0-1.1
- (no CPE)range: < 4.4-150400.3.5.1
- (no CPE)range: < 4.4-150400.3.5.1
- (no CPE)range: < 4.4-150400.3.5.1
- unspecified/ffmpegv5Range: n/a
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.