We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2022-48434



Description

libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).

Reserved 2023-03-29 | Published 2023-03-29 | Updated 2024-10-21 | Assigner mitre

References

git.ffmpeg.org/...t/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11

news.ycombinator.com/item?id=35356201

wrv.github.io/h26forge.pdf

lists.fedoraproject.org/...PQHNSWXFUN3VJ3AO2AEJUK3BURSGM5G2/ (FEDORA-2023-32c3bbbbc9) vendor-advisory

lists.fedoraproject.org/...KOMB6WRUC55VWV25IKJTV22KARBUGWGQ/ (FEDORA-2023-1e24db98a6) vendor-advisory

security.gentoo.org/glsa/202312-14 (GLSA-202312-14) vendor-advisory

cve.org (CVE-2022-48434)

nvd.nist.gov (CVE-2022-48434)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2022-48434

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.

© Copyright 2024 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.