Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-4907
HistoryJul 29, 2023 - 12:00 a.m.

CVE-2022-4907

2023-07-2900:00:00
ubuntu.com
ubuntu.com
11
ffmpeg
google chrome
remote code execution
crafted html
medium severity
ubuntu
debian
snap

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.007

Percentile

80.7%

Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed
a remote attacker to execute arbitrary code inside a sandbox via a crafted
HTML page. (Chromium security severity: Medium)

Notes

Author Note
sbeattie need investigating to see if this affects upstream FFMpeg, fixes supposedly landed in upstream ffmpeg
alexmurray The Debian chromium source package is called chromium-browser in Ubuntu
mdeslaur starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap
OSVersionArchitecturePackageVersionFilename
ubuntu24.04noarchffmpeg< anyUNKNOWN

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.007

Percentile

80.7%