Lucene search

K
mageiaGentoo FoundationMGASA-2023-0043
HistoryFeb 15, 2023 - 1:43 a.m.

Updated ffmpeg packages fix security vulnerability

2023-02-1501:43:23
Gentoo Foundation
advisories.mageia.org
124
ffmpeg
packages
security

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.001

Percentile

42.9%

A null pointer dereference issue was discovered in ‘FFmpeg’ in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash. (CVE-2022-3341)

OSVersionArchitecturePackageVersionFilename
Mageia8noarchffmpeg< 4.3.5-1.2ffmpeg-4.3.5-1.2.mga8
Mageia8noarchffmpeg< 4.3.5-1.2ffmpeg-4.3.5-1.2.mga8.tainted

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.001

Percentile

42.9%