Bug 1203441 - (CVE-2022-2566) VUL-0: CVE-2022-2566: ffmpeg-5: integer overflow in build_open_gop_key_points() leads to out of bounds read
Status: NEW
Classification: openSUSE
Product: openSUSE Tumbleweed
Component: Security
Version: Current
Hardware: Other Other
Priority: P3 - Medium
Severity: Minor
Assigned To: Jan Engelhardt
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/342419/
Reported: 2022-09-15 08:50 UTC by Carlos López
Modified: 2022-09-15 09:15 UTC

Found By: Security Response Team
Description Carlos López 2022-09-15 08:50:56 UTC
rh#2126833

ffmpeg (<?)=5.1.1 has an out of bounds read vulnerability.

Sultan caught this before MITRE's made this public, so
all we really have to go on is the commit message:

"avformat/mov: Check count sums in build_open_gop_key_points()

Fixes: ffmpeg.md
Fixes: Out of array access
Fixes: CVE-2022-2566"

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2126833
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2566
Comment 1 Carlos López 2022-09-15 08:51:30 UTC
As far as I can tell, this only affects ffmpeg-5 in Factory (not ffmpeg or ffmpeg-4).

Fix:
https://github.com/FFmpeg/FFmpeg/commit/c953baa084607dd1d84c3bfcce3cf6a87c3e6e05