Bug 2182839 (CVE-2022-48434) - CVE-2022-48434 ffmpeg: Use after free in libavcodec/pthread_frame.c
Keywords:
Status: CLOSED UPSTREAM
Alias: CVE-2022-48434
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2182843 2182840 2182841 2182842 2182844 2182845 2182846 2182847 2182848
Blocks:
Reported: 2023-03-29 19:18 UTC by Pedro Sampaio
Modified: 2023-03-29 23:15 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2023-03-29 23:15:53 UTC
Embargoed:



Description Pedro Sampaio 2023-03-29 19:18:34 UTC
libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).

https://wrv.github.io/h26forge.pdf
https://news.ycombinator.com/item?id=35356201
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11

Comment 1 Pedro Sampaio 2023-03-29 19:18:47 UTC
Created ffmpeg tracking bugs for this issue:

Affects: fedora-all [bug 2182840]

Comment 2 Pedro Sampaio 2023-03-29 19:20:09 UTC
Created chromium tracking bugs for this issue:

Affects: epel-all [bug 2182841]


Created ffmpegthumbs tracking bugs for this issue:

Affects: fedora-all [bug 2182844]


Created nv-codec-headers tracking bugs for this issue:

Affects: epel-all [bug 2182842]
Affects: fedora-all [bug 2182845]


Created python-mne tracking bugs for this issue:

Affects: fedora-all [bug 2182846]


Created qt5-qtwebengine tracking bugs for this issue:

Affects: epel-all [bug 2182843]
Affects: fedora-all [bug 2182847]


Created qt6-qtwebengine tracking bugs for this issue:

Affects: fedora-all [bug 2182848]

Comment 3 Product Security DevOps Team 2023-03-29 23:15:51 UTC
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.

