CVE-2022-3965
ffmpeg QuickTime Graphics Video Encoder smcenc.c smc_encode_stream out-of-bounds
CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544.
| CWE | CWE-119 |
| Vendor | unspecified |
| Product | ffmpeg |
| Published | Nov 13, 2022 |
| Last Updated | Aug 3, 2024 |
Stay Ahead of the Next One
Get instant alerts for unspecified ffmpeg
Be the first to know when new medium vulnerabilities affecting unspecified ffmpeg are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
Affected Versions
unspecified / ffmpeg
n/a