Lucene search

[email protected]NVD:CVE-2022-3109

HistoryDec 16, 2022 - 3:15 p.m.

CVE-2022-3109

2022-12-1615:15:09

CWE-476

[email protected]

web.nvd.nist.gov

ffmpeg

vp3_decode_frame

null pointer

availability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

50.2%

JSON

An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability.

Affected configurations

NVD

Node

ffmpegffmpegRange<5.1

References

bugzilla.redhat.com/show_bug.cgi?id=2153551

github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568

lists.debian.org/debian-lts-announce/2023/06/msg00016.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KOMB6WRUC55VWV25IKJTV22KARBUGWGQ/

www.debian.org/security/2023/dsa-5394

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

50.2%

JSON

Related for NVD:CVE-2022-3109

veracode1 openvas10 cvelist1 debiancve1 prion1 nessus7 osv4 ubuntucve1 cve1 debian2 mageia1 fedora1 freebsd1 cloudfoundry1 rosalinux1 ubuntu1