CVE-2022-3964

{"id": "CVE-2022-3964", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2022-11-13T08:15:14.657", "references": [{"url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/92f9b28ed84a77138105475beba16c146bdaf984", "tags": ["Patch", "Third Party Advisory"], "source": "cna@vuldb.com"}, {"url": "https://security.gentoo.org/glsa/202312-14", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.213543", "tags": ["Third Party Advisory"], "source": "cna@vuldb.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543."}, {"lang": "es", "value": "Una vulnerabilidad ha sido encontrada en ffmpeg y clasificada como problem\u00e1tica. Una parte desconocida del archivo libavcodec/rpzaenc.c del componente QuickTime RPZA Video Encoder. La manipulaci\u00f3n del argumento y_size conduce a una lectura fuera de l\u00edmites. Es posible iniciar el ataque de forma remota. El nombre del parche es 92f9b28ed84a77138105475beba16c146bdaf984. Se recomienda aplicar un parche para solucionar este problema. El identificador asociado de esta vulnerabilidad es VDB-213543."}], "lastModified": "2023-12-23T12:15:21.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "078D4A14-B5EA-401E-84E6-3212AAC69A65", "versionEndExcluding": "4.4.4", "versionStartIncluding": "4.4"}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CE47406-F17E-4C7D-B924-22DEBD106D45", "versionEndExcluding": "5.0.3", "versionStartIncluding": "5.0"}, {"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "952B0691-9892-4CDE-A4E7-1EF0EE51B27B", "versionEndExcluding": "5.1.3", "versionStartIncluding": "5.1"}], "operator": "OR"}]}], "sourceIdentifier": "cna@vuldb.com"}