An issue was discovered in the FFmpeg package, where vp3decodeframe in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability.
{ "vanir_signatures": [ { "id": "CVE-2022-3109-2009719d", "digest": { "threshold": 0.9, "line_hashes": [ "296668209892502617258083696776298184501", "179955415149809112259535756720552300062", "234635089860816423356759960037085279787", "223938992080501052778109654229955851693", "114824492263024678544587325202192976403" ] }, "signature_type": "Line", "deprecated": false, "target": { "file": "libavcodec/vp3.c" }, "signature_version": "v1", "source": "https://github.com/ffmpeg/ffmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568" }, { "id": "CVE-2022-3109-6328b518", "digest": { "length": 7000.0, "function_hash": "227388434592210151558034273051090982660" }, "signature_type": "Function", "deprecated": false, "target": { "file": "libavcodec/vp3.c", "function": "vp3_decode_frame" }, "signature_version": "v1", "source": "https://github.com/ffmpeg/ffmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568" } ] }