CVE-2022-3964
ffmpeg QuickTime RPZA Video Encoder rpzaenc.c out-of-bounds
CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543.
| CWE | CWE-119 |
| Vendor | unspecified |
| Product | ffmpeg |
| Published | Nov 13, 2022 |
| Last Updated | Aug 3, 2024 |
Stay Ahead of the Next One
Get instant alerts for unspecified ffmpeg
Be the first to know when new medium vulnerabilities affecting unspecified ffmpeg are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
Affected Versions
unspecified / ffmpeg
n/a