
CVE-2022-48434

Published: 29 March 2023

libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).

Notes

Author Note
ccdm94
As of 2023-04-26 there is no public reproducer available for this issue,
so there is no way to confirm through vulnerability testing that Xenial
and Bionic are vulnerable to this issue.

Xenial's version of FFmpeg is 2.8. Upstream has only provided patches
for versions 4.4.x, 5.0.x and 5.1.x. Considering that the code for
pthread_frame.c (file altered by the patch) and for FFmpeg has changed
significantly from version 2.8 to version 4.4.3, applying the 4.4.3
patch is very likely to introduce security issues and regressions.
Because of the very intrusive nature of the backport, Xenial and Bionic
(at version 3.4) will not be patched for this issue, and will therefore
be marked as ignored.

Priority

Medium

Cvss 3 Severity Score

8.1

Score breakdown

Status

Package: ffmpeg (Launchpad, Ubuntu, Debian)

Release Status
bionic Released (7:3.4.11-0ubuntu0.1+esm3), available with Ubuntu Pro
focal Released (7:4.2.7-0ubuntu0.1+esm3), available with Ubuntu Pro
jammy Released (7:4.4.2-0ubuntu0.22.04.1+esm2), available with Ubuntu Pro
kinetic Ignored (end of life, was needed)
lunar Not vulnerable (7:5.1.2-3ubuntu1)
mantic Not vulnerable (7:5.1.2-3ubuntu1)
noble Not vulnerable (7:5.1.2-3ubuntu1)
trusty Ignored (end of standard support)
upstream Released (7:5.1.2-1, 5.1.2, 5.0.1, 4.4.3)
xenial Ignored (see notes)

Patches:
upstream: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d4b7b3c03ee2baf0166ce49dff17ec9beff684db
upstream: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/3bc28e9d1ab33627cea3c632dd6b0c33e22e93ba
upstream: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/35aa7e70e7ec350319e7634a30d8d8aa1e6ecdda
upstream: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11
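
An added example, not part of the Ubuntu page: checking an installed ffmpeg package version against the fixed versions in the status table above, using Debian version ordering (epoch, upstream, revision) instead of string comparison. The function names are assumptions made for this example, and it covers only the releases listed as Released or Ignored.

```python
import re

# Fixed versions from the status table above; None = release marked Ignored.
FIXED = {
    "bionic": "7:3.4.11-0ubuntu0.1+esm3",
    "focal": "7:4.2.7-0ubuntu0.1+esm3",
    "jammy": "7:4.4.2-0ubuntu0.22.04.1+esm2",
    "xenial": None, "trusty": None, "kinetic": None,
}

def _weight(ch):
    # dpkg weight of a non-digit char: '' (end of run) is 0, '~' sorts below it
    if ch in ("", "~"):
        return -1 if ch else 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare upstream or revision strings as alternating text/number runs."""
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            wa, wb = _weight(na[i:i + 1]), _weight(nb[i:i + 1])
            if wa != wb:
                return -1 if wa < wb else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        ia, ib = int(da or 0), int(db or 0)
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def _split(version):
    # "[epoch:]upstream[-revision]"; the revision follows the last hyphen
    head, sep, rest = version.partition(":")
    epoch, rest = (int(head), rest) if sep else (0, version)
    upstream, sep, revision = rest.rpartition("-")
    return (epoch, upstream, revision) if sep else (epoch, rest, "")

def compare(a, b):
    """Return -1, 0 or 1 as Debian version a is older, equal or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def fix_status(release, installed):
    fixed = FIXED[release]
    if fixed is None:
        return "no fix published"
    return "has fix" if compare(installed, fixed) >= 0 else "missing fix"
```

For example, `fix_status("bionic", "7:3.4.8-0ubuntu0.2")` (a constructed version string) returns "missing fix", where a plain string comparison would wrongly rank 3.4.8 above 3.4.11.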

Severity score breakdown

Parameter Value
Base score 8.1
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H