Fedora 36 : ffmpeg (2023-1e24db98a6)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-1e24db98a6 advisory. New release with bug fixes across the tree Contains security fixes for CVE-2022-48434 and CVE-2022-3109. Tenable has extracted the preceding...

CVE-2022-48434

libavcodec/pthreadframe.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances e.g., hardware re-initialization upon a mid-video SPS change when...