CVE-2022-3964

Source
https://cve.org/CVERecord?id=CVE-2022-3964
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-3964.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-3964
Downstream
Related
Published
2022-11-13T00:00:00Z
Modified
2026-07-11T03:55:40.994669141Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVSS Calculator
Summary
ffmpeg QuickTime RPZA Video Encoder rpzaenc.c out-of-bounds
Details

A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543.

Database specific
{
    "cwe_ids": [
        "CWE-119"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/3xxx/CVE-2022-3964.json",
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / git.ffmpeg.org/ffmpeg.git

Affected ranges

Type
GIT
Repo
https://git.ffmpeg.org/ffmpeg.git
Events
Database specific
{
    "cpe": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "4.4"
        },
        {
            "fixed": "4.4.4"
        },
        {
            "introduced": "5.0"
        },
        {
            "fixed": "5.0.3"
        },
        {
            "introduced": "5.1"
        },
        {
            "fixed": "5.1.3"
        }
    ],
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ]
}

Affected versions

n4.*
n4.4
n4.4-dev
n4.4.1
n4.4.2
n4.4.3
n5.*
n5.0
n5.0.1
n5.0.2
n5.1
n5.1-dev
n5.1.1
n5.1.2
n5.2-dev

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-3964.json"

Git / github.com/ffmpeg/ffmpeg

Affected ranges

Type
GIT
Repo
https://github.com/ffmpeg/ffmpeg
Events
Database specific
{
    "cpe": "cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "4.4"
        },
        {
            "fixed": "4.4.4"
        },
        {
            "introduced": "5.0"
        },
        {
            "fixed": "5.0.3"
        },
        {
            "introduced": "5.1"
        },
        {
            "fixed": "5.1.3"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

n4.*
n4.4
n4.4-dev
n4.4.1
n4.4.2
n4.4.3
n5.*
n5.0
n5.0.1
n5.0.2
n5.1
n5.1-dev
n5.1.1
n5.1.2

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-3964.json"