8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
50.5%
ffmpeg is vulnerable to Use After Free. vulnerability occurs in ‘libavcodec/pthread_frame.c’ due to stale hwaccel state in worker threads which allows an attacker to trigger use after free.
CPE | Name | Operator | Version |
---|---|---|---|
ffmpeg:sid | eq | 7:4.3.1-5 | |
ffmpeg:sid | eq | 7:4.3.1-5 |
git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KOMB6WRUC55VWV25IKJTV22KARBUGWGQ/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PQHNSWXFUN3VJ3AO2AEJUK3BURSGM5G2/
lists.fedoraproject.org/archives/list/[email protected]/message/KOMB6WRUC55VWV25IKJTV22KARBUGWGQ/
lists.fedoraproject.org/archives/list/[email protected]/message/PQHNSWXFUN3VJ3AO2AEJUK3BURSGM5G2/
news.ycombinator.com/item?id=35356201
security-tracker.debian.org/tracker/CVE-2022-48434
security.gentoo.org/glsa/202312-14
wrv.github.io/h26forge.pdf
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
50.5%