Vulnerability CVE-2022-3109: Information
Description
An issue was discovered in the FFmpeg package: vp3_decode_frame in libavcodec/vp3.c does not check the return value of av_malloc(), which causes a null pointer dereference, impacting availability.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
ffmpeg | sisyphus | 4.4.4-alt1 | 6.1.1-alt3 | ALT-PU-2023-2034-1 | 323383 | Fixed |
ffmpeg | sisyphus_e2k | 4.4.4-alt1 | 6.1.1-alt3 | ALT-PU-2023-3942-1 | - | Fixed |
ffmpeg | sisyphus_riscv64 | 4.4.4-alt1 | 6.1.1-alt3 | ALT-PU-2023-3998-1 | - | Fixed |
ffmpeg | p10 | 4.4.4-alt1 | 4.4.4-alt1 | ALT-PU-2023-4151-1 | 323384 | Fixed |
ffmpeg | p10_e2k | 4.4.4-alt1 | 4.4.4-alt1 | ALT-PU-2023-4203-1 | - | Fixed |
ffmpeg | p9 | 4.3.6-alt1 | 4.3.6-alt1 | ALT-PU-2023-4117-1 | 323386 | Fixed |
ffmpeg | c10f1 | 4.4.4-alt1 | 4.4.4-alt1 | ALT-PU-2023-2095-1 | 323385 | Fixed |
ffmpeg | c9f2 | 4.3.6-alt1 | 4.3.6-alt1 | ALT-PU-2023-4100-1 | 323387 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2153551 | |
https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568 | |
DSA-5394 | |
[debian-lts-announce] 20230613 [SECURITY] [DLA 3454-1] ffmpeg security update | |
FEDORA-2023-1e24db98a6 | |