A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05
References
Link | Resource |
---|---|
https://github.com/FFmpeg/FFmpeg/commit/c953baa084607dd1d84c3bfcce3cf6a87c3e6e05 | Patch Third Party Advisory |
Configurations
History
27 Jun 2023, 20:44
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-190 |
27 Sep 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05 |
26 Sep 2022, 18:23
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-787 | |
CPE | cpe:2.3:a:ffmpeg:ffmpeg:5.1:*:*:*:*:*:*:* | |
References | (MISC) https://github.com/FFmpeg/FFmpeg/commit/c953baa084607dd1d84c3bfcce3cf6a87c3e6e05 - Patch, Third Party Advisory | |
First Time |
Ffmpeg ffmpeg
Ffmpeg |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
23 Sep 2022, 12:29
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-23 12:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-2566
Mitre link : CVE-2022-2566
CVE.ORG link : CVE-2022-2566
JSON object : View
Products Affected
ffmpeg
- ffmpeg