CVE-2022-1475
Publication date 2 May 2022
Last updated 24 July 2024
Ubuntu priority
An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| ffmpeg | 22.04 LTS jammy |
Fixed 7:4.4.2-0ubuntu0.22.04.1
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
Notes
rodrigo-zaiden
the vulnerability was added in version 4.2, in commit: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=641d5215
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
5.5 · Medium
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-5472-1
- FFmpeg vulnerabilities
- 8 June 2022
Other references
- https://trac.ffmpeg.org/ticket/9651
- https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=757da974b21833529cc41bdcc9684c29660cdfa8
- https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e9e2ddbc6c78cc18b76093617f82c920e58a8d1f (n4.4.2)
- https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fa2e4afe8d0a23fac37392ef6506cfc9841f8d3d (n4.3.4)
- https://www.cve.org/CVERecord?id=CVE-2022-1475