CVE-2022-48434Use After Free in Ffmpeg

CWE-416Use After Free10 documents7 sources
Severity
8.1HIGHNVD
OSV8.8
EPSS
0.3%
top 44.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
FfmpegDebian FfmpegMsrc Azl3 Mozjs 102.15.1-1 ON Azure Linux 3.0
Timeline
PublishedMar 29
Latest updateFeb 15

Description

libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages5 packages

NVDffmpeg/ffmpeg< 5.1.2
debiandebian/ffmpeg< ffmpeg 7:5.1.2-1 (bookworm)
Debianffmpeg/ffmpeg< 7:4.3.7-0+deb11u1+3
Ubuntuffmpeg/ffmpeg< 7:3.4.11-0ubuntu0.1+esm4+5

Patches

Patch: git.ffmpeg.orgPatch: git.ffmpeg.org

🔴Vulnerability Details

4
OSV
ffmpeg regression2023-11-15
OSV
ffmpeg vulnerabilities2023-10-24
OSV
CVE-2022-48434: libavcodec/pthread_frame2023-03-29
GHSA
GHSA-q56j-8x89-gvgg: libavcodec/pthread_frame2023-03-29

📋Vendor Advisories

5
CISA ICS
Siemens SCALANCE XCM-/XRM-3002024-02-15
Ubuntu
FFmpeg regression2023-11-15
Ubuntu
FFmpeg vulnerabilities2023-10-24
Microsoft
libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbit2023-03-14
Debian
CVE-2022-48434: ffmpeg - libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other prod...2022