Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-3341
HistoryJan 12, 2023 - 12:00 a.m.

CVE-2022-3341

2023-01-1200:00:00
ubuntu.com
ubuntu.com
31
ffmpeg
null pointer dereference
decode_main_header
libavformat
nutdec.

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.001

Percentile

42.9%

A null pointer dereference issue was discovered in ‘FFmpeg’ in
decode_main_header() function of libavformat/nutdec.c file. The flaw occurs
because the function lacks check of the return value of
avformat_new_stream() and triggers the null pointer dereference error,
causing an application to crash.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchffmpeg< 7:3.4.11-0ubuntu0.1+esm1UNKNOWN
ubuntu20.04noarchffmpeg< 7:4.2.7-0ubuntu0.1+esm1UNKNOWN
ubuntu22.04noarchffmpeg< 7:4.4.2-0ubuntu0.22.04.1+esm1UNKNOWN
ubuntu16.04noarchffmpeg< 7:2.8.17-0ubuntu0.1+esm5UNKNOWN

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.001

Percentile

42.9%