Unrated severityNVD Advisory· Published Mar 29, 2023· Updated Oct 21, 2024

CVE-2022-48434

Description

libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

FFmpeg/Ffmpegllm-fuzzy
Range: <5.1.2
osv-coords26 versions
pkg:rpm/opensuse/ffmpeg-4&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/ffmpeg-4&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/ffmpeg-4&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/ffmpeg&distro=openSUSE%20Leap%2015.4 pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4 pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4 pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6 pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP4 pkg:rpm/suse/ffmpeg-4&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6 pkg:rpm/suse/ffmpeg&distro=SUSE%20Enterprise%20Storage%206 pkg:rpm/suse/ffmpeg&distro=SUSE%20Enterprise%20Storage%207 pkg:rpm/suse/ffmpeg&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4 pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4 pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3 pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/ffmpeg&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP4
< 4.4-150400.3.15.1+ 25 more
- (no CPE)range: < 4.4-150400.3.15.1
- (no CPE)range: < 4.4.5-150600.13.19.1
- (no CPE)range: < 4.4.5-7.1
- (no CPE)range: < 3.4.2-150200.11.28.1
- (no CPE)range: < 4.4-150400.3.15.1
- (no CPE)range: < 4.4-150400.3.15.1
- (no CPE)range: < 4.4.5-150600.13.19.1
- (no CPE)range: < 4.4-150400.3.15.1
- (no CPE)range: < 4.4.5-150600.13.19.1
- (no CPE)range: < 3.4.2-150000.4.53.2
- (no CPE)range: < 3.4.2-150200.11.28.1
- (no CPE)range: < 3.4.2-150200.11.28.1
- (no CPE)range: < 3.4.2-150000.4.53.2
- (no CPE)range: < 3.4.2-150200.11.28.1
- (no CPE)range: < 3.4.2-150200.11.28.1
- (no CPE)range: < 3.4.2-150200.11.28.1
- (no CPE)range: < 3.4.2-150200.11.28.1
- (no CPE)range: < 3.4.2-150200.11.28.1
- (no CPE)range: < 3.4.2-150200.11.28.1
- (no CPE)range: < 3.4.2-150000.4.53.2
- (no CPE)range: < 3.4.2-150200.11.28.1
- (no CPE)range: < 3.4.2-150200.11.28.1
- (no CPE)range: < 3.4.2-150000.4.53.2
- (no CPE)range: < 3.4.2-150200.11.28.1
- (no CPE)range: < 3.4.2-150200.11.28.1
- (no CPE)range: < 3.4.2-150200.11.28.1

Patches

Vulnerability mechanics

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KOMB6WRUC55VWV25IKJTV22KARBUGWGQ/mitrevendor-advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PQHNSWXFUN3VJ3AO2AEJUK3BURSGM5G2/mitrevendor-advisory
security.gentoo.org/glsa/202312-14mitrevendor-advisory
git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11mitre
news.ycombinator.com/itemmitre
wrv.github.io/h26forge.pdfmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000