CVE-2022-2566

2022-09-2312:15:10

Debian Security Bug Tracker

security-tracker.debian.org

cve-2022-2566

ffmpeg

memory write

remote code execution

integer overflow

mp4 file

upgrade

unix

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

42.5%

JSON

A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in build_open_gop_key_points() goes through all entries in the loop and adds sc->ctts_data[i].count to sc->sample_offsets_count. This can lead to an integer overflow resulting in a small allocation with av_calloc(). An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05

OSVersionArchitecturePackageVersionFilename
Debian12allffmpeg< 7:5.1.1-1ffmpeg_7:5.1.1-1_all.deb
Debian11allffmpeg< 7:4.3.7-0+deb11u1ffmpeg_7:4.3.7-0+deb11u1_all.deb
Debian999allffmpeg< 7:5.1.1-1ffmpeg_7:5.1.1-1_all.deb
Debian13allffmpeg< 7:5.1.1-1ffmpeg_7:5.1.1-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	ffmpeg	< 7:5.1.1-1	ffmpeg_7:5.1.1-1_all.deb
Debian	11	all	ffmpeg	< 7:4.3.7-0+deb11u1	ffmpeg_7:4.3.7-0+deb11u1_all.deb
Debian	999	all	ffmpeg	< 7:5.1.1-1	ffmpeg_7:5.1.1-1_all.deb
Debian	13	all	ffmpeg	< 7:5.1.1-1	ffmpeg_7:5.1.1-1_all.deb