CVE-2022-2566 A heap out-of-bounds memory write exists in FFMPEG 5.1 because of the size calculation in `build_open_gop_key_points()` adding sc->ctts_data[i].count to sc->sample_offsets_count.

GNU Libav out-of-bounds heap write in `av_set_metadata_pack()` due to integer overflow. We recommend upgrading past commit 6b3f9b3d7f0a02e29c8a068a622ddd6cab30a9

We recommend upgrading past commit 6b3f9b3d7f0a02e29c8a068a622ddd6cab30a9

This security vulnerability can be found in the GNU Libav project. The vulnerability is a buffer overflow when handling metadata of the media file with av_set_metadata_pack(). This flaw has been fixed in version 4.13.0-rc1 of the GNU Libav project. Because there are no known exploits for this issue, users are advised to upgrade as soon as possible.

There is an out-of-bounds heap write in `av_set_metadata_pack()` due to integer underflow

The vulnerability is caused by an integer underflow in the av_set_metadata_pack() function. This leads to an out-of-bounds heap write when the number of pixel aspect ratios (PARs) or chroma subsampling levels exceeds 4,096.

We recommend upgrading past this commit This issue was fixed in Git at 74c9d54 .


For this blog post, we recommend upgrading past commit 6b3f9b3d7f0a02e29c8a068a622ddd6cab30a9.

Timeline

Published on: 09/23/2022 12:15:00 UTC
Last modified on: 10/01/2022 02:27:00 UTC

References