CVSS3: 8.1 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

EPSS: 0.002 Low (Percentile: 59.0%)

A vulnerability classified as problematic has been found in ffmpeg. It affects an unknown part of the file libavcodec/rpzaenc.c in the QuickTime RPZA Video Encoder component. Manipulation of the argument y_size leads to an out-of-bounds read. The attack can be initiated remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. Applying the patch is recommended to fix this issue. The associated identifier of this vulnerability is VDB-213543.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | ffmpeg | < 7:5.1.3-1 | ffmpeg_7:5.1.3-1_all.deb |
Debian | 11 | all | ffmpeg | < 7:4.3.6-0+deb11u1 | ffmpeg_7:4.3.6-0+deb11u1_all.deb |
Debian | 999 | all | ffmpeg | < 7:5.1.3-1 | ffmpeg_7:5.1.3-1_all.deb |
Debian | 13 | all | ffmpeg | < 7:5.1.3-1 | ffmpeg_7:5.1.3-1_all.deb |