A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Google
Published: 2022-09-23T11:10:14.367527Z
Updated: 2024-09-17T03:53:34.207Z
Reserved: 2022-07-28T00:00:00
Link: CVE-2022-2566
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-09-23T12:15:10.103
Modified: 2023-06-27T20:44:29.407
Link: CVE-2022-2566
Redhat
No data.