8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
7.4 High
AI Score
Confidence
Low
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
0.002 Low
EPSS
Percentile
54.4%
software: ffmpeg 4.4.3
OS: ROSA-CHROME
package_evr_string: ffmpeg-4.4.3-2.src.rpm
CVE-ID: CVE-2022-3109
BDU-ID: 2023-04787
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the vp3_decode_frame function of the libavcodec/vp3.c component of the FFmpeg multimedia library is related to a lack of validation of the return value of av_malloc(). Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update ffmpeg
CVE-ID: CVE-2022-3341
BDU-ID: 2023-03348
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the decode_main_header() function (libavformat/nutdec.c) of the FFmpeg multimedia library is related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update ffmpeg
CVE-ID: CVE-2022-3964
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: A vulnerability classified as problematic has been discovered in ffmpeg. It affects an unknown part of the libavcodec/rpzaenc.c file of the QuickTime RPZA Video Encoder component. Manipulation of the y_size argument results in reads outside the valid range. The attack can be initiated remotely.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update ffmpeg
CVE-ID: CVE-2022-48434
BDU-ID: 2023-02925
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the libavcodec/pthread_frame.c component of the FFmpeg multimedia library is related to memory usage after it is freed when processing worker threads by the hwaccel decoder. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update ffmpeg
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
7.4 High
AI Score
Confidence
Low
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
0.002 Low
EPSS
Percentile
54.4%