{ "data_type": "CVE", "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3965", "TITLE": "ffmpeg QuickTime Graphics Video Encoder smcenc.c smc_encode_stream out-of-bounds", "REQUESTER": "cna@vuldb.com", "ASSIGNER": "cna@vuldb.com", "STATE": "PUBLIC" }, "generator": "vuldb.com", "affects": { "vendor": { "vendor_data": [ { "vendor_name": "", "product": { "product_data": [ { "product_name": "ffmpeg", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] } } ] } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-119 Memory Corruption -> CWE-125 Out-of-Bounds Read" } ] } ] }, "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544." } ] }, "impact": { "cvss": { "version": "3.1", "baseScore": "4.3", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } }, "references": { "reference_data": [ { "url": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/13c13109759090b7f7182480d075e13b36ed8edd", "refsource": "MISC", "name": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/13c13109759090b7f7182480d075e13b36ed8edd" }, { "url": "https://vuldb.com/?id.213544", "refsource": "MISC", "name": "https://vuldb.com/?id.213544" }, { "refsource": "GENTOO", "name": "GLSA-202312-14", "url": "https://security.gentoo.org/glsa/202312-14" } ] } }