CVE-2022-38019
published 2022-09-13CVE-2022-38019: AV1 Video Extension Remote Code Execution Vulnerability
PriorityP339high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EPSS
0.83%
53.0th percentile
AV1 Video Extension Remote Code Execution Vulnerability
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | av1_video_extension | < 1.1.51091.0 | 1.1.51091.0 |
| microsoft | av1_video_extension | >= 1.1.0 < 1.1.51091.0 | 1.1.51091.0 |
| msrc | av1_video_extension | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vendor_msrc7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-544m-jw6j-88m7: AV1 Video Extension Remote Code Execution Vulnerability
ghsa_unreviewed·2022-09-14
CVE-2022-38019 [HIGH] GHSA-544m-jw6j-88m7: AV1 Video Extension Remote Code Execution Vulnerability
AV1 Video Extension Remote Code Execution Vulnerability.
Microsoft
AV1 Video Extension Remote Code Execution Vulnerability
vendor_msrc·2022-09-13·CVSS 7.8
CVE-2022-38019 [HIGH] AV1 Video Extension Remote Code Execution Vulnerability
AV1 Video Extension Remote Code Execution Vulnerability
FAQ: Is Windows vulnerable in the default configuration?
No. Only customers who have installed this app from the Microsoft Store may be vulnerable.
How do I get the updated app?
The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details.
It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.
My system is in a disconnected environment; is it vulnerable?
Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.
How can I check if the update is installed?
App package ver
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-09-13
Published