ffmpeg QuickTime RPZA Video Encoder libavcodec/rpzaenc.c y_size out-of-bounds

A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The CWE definition for the vulnerability is CWE-125. The weakness was presented 11/13/2022 as 92f9b28ed84a77138105475beba16c146bdaf984. It is possible to read the advisory at git.ffmpeg.org. This vulnerability is uniquely identified as CVE-2022-3964. It is possible to initiate the attack remotely. Technical details are available. There is no exploit available. The pricing for an exploit might be around USD $0-$5k at the moment. It is declared as not defined. We expect the 0-day to have been worth approximately $0-$5k. The patch is named 92f9b28ed84a77138105475beba16c146bdaf984. The bugfix is ready for download at git.ffmpeg.org. It is recommended to apply a patch to fix this issue. A possible mitigation has been published even before and not after the disclosure of the vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

125

Field

exploit_price_0day2
source_cve_nvd_summary1
source_cve_assigned1
vulnerability_cvss3_meta_tempscore1
vulnerability_cvss3_meta_basescore1

Commit Conf

90%33
50%10
70%2

Approve Conf

90%33
80%10
70%2
IDCommitedUserFieldChangeRemarksAcceptedStatusC
1339637612/17/2022VulD...price_0day$0-$5ksee exploit price documentation12/17/2022accepted
90
1339637512/17/2022VulD...cve_nvd_summaryA vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543.cve.mitre.org12/17/2022accepted
70
1339637412/17/2022VulD...cve_assigned1668294000 (11/13/2022)cve.mitre.org12/17/2022accepted
70
1326030511/13/2022VulD...price_0day$0-$5ksee exploit price documentation11/13/2022accepted
90
1326030411/13/2022VulD...cvss3_meta_tempscore4.1see CVSS documentation11/13/2022accepted
90
1326030311/13/2022VulD...cvss3_meta_basescore4.3see CVSS documentation11/13/2022accepted
90
1326030211/13/2022VulD...cvss3_vuldb_tempscore4.1see CVSS documentation11/13/2022accepted
90
1326030111/13/2022VulD...cvss3_vuldb_basescore4.3see CVSS documentation11/13/2022accepted
90
1326030011/13/2022VulD...cvss2_vuldb_tempscore4.4see CVSS documentation11/13/2022accepted
90
1326029911/13/2022VulD...cvss2_vuldb_basescore5.0see CVSS documentation11/13/2022accepted
90
1326029811/13/2022VulD...cvss3_vuldb_eXderived from historical data11/13/2022accepted
80
1326029711/13/2022VulD...cvss2_vuldb_eNDderived from historical data11/13/2022accepted
80
1326029611/13/2022VulD...cvss2_vuldb_rlOFderived from vuldb v3 vector11/13/2022accepted
80
1326029511/13/2022VulD...cvss2_vuldb_rcCderived from vuldb v3 vector11/13/2022accepted
80
1326029411/13/2022VulD...cvss2_vuldb_aiPderived from vuldb v3 vector11/13/2022accepted
80
1326029311/13/2022VulD...cvss2_vuldb_iiNderived from vuldb v3 vector11/13/2022accepted
80
1326029211/13/2022VulD...cvss2_vuldb_ciNderived from vuldb v3 vector11/13/2022accepted
80
1326029111/13/2022VulD...cvss2_vuldb_auNderived from vuldb v3 vector11/13/2022accepted
80
1326029011/13/2022VulD...cvss2_vuldb_acLderived from vuldb v3 vector11/13/2022accepted
80
1326028911/13/2022VulD...cvss2_vuldb_avNderived from vuldb v3 vector11/13/2022accepted
80

25 more entries are not shown

🔒 Login Required

You need to signup and login to see more of the remaining 25 results.

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!