CVE-2022-3965

Publication date 13 November 2022

Last updated 11 July 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

4.3 · Medium

Score breakdown

Description

A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544.

Read the notes from the security team

Status

Package Ubuntu Release Status
ffmpeg 26.04 LTS resolute
Not affected
25.10 questing
Not affected
25.04 plucky
Not affected
24.10 oracular Ignored end of life, was needed
24.04 LTS noble
Not affected
23.10 mantic Ignored end of life, was needed
23.04 lunar Ignored end of life, was needed
22.10 kinetic
Fixed 7:5.1.1-1ubuntu2.1
22.04 LTS jammy
Not affected
20.04 LTS focal
Not affected
18.04 LTS bionic
Not affected
16.04 LTS xenial
Not affected
14.04 LTS trusty Not in release

Notes

ccdm94

the Apple Graphics (SMC) Encoder functions are not available in ffmpeg before version 5.0, meaning, versions before 5.0 are not vulnerable to this issue.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
ffmpeg

Severity score breakdown

CVSS version: CVSS v3.0

Base score 4.3 · Medium

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

References

Related Ubuntu Security Notices (USN)

Other references

Access our resources on patching vulnerabilities