CVE-2022-48434

一、漏洞信息
漏洞编号：CVE-2022-48434
漏洞归属组件：ffmpeg
漏洞归属的版本：4.2.4,4.4.2
CVSS V3.0分值：
BaseScore：8.1 High
Vector：CVSS：3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞简述：
libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).
漏洞公开时间：2023-03-30 01:15:07
漏洞创建时间：2023-03-30 09:26:49
漏洞详情参考链接：
https://nvd.nist.gov/vuln/detail/CVE-2022-48434

更多参考(点击展开)

参考来源	参考链接	来源链接
cve.mitre.org	https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11
cve.mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KOMB6WRUC55VWV25IKJTV22KARBUGWGQ/
cve.mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PQHNSWXFUN3VJ3AO2AEJUK3BURSGM5G2/
cve.mitre.org	https://news.ycombinator.com/item?id=35356201
cve.mitre.org	https://security.gentoo.org/glsa/202312-14
cve.mitre.org	https://wrv.github.io/h26forge.pdf
suse_bugzilla	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48434	https://bugzilla.suse.com/show_bug.cgi?id=1209934
suse_bugzilla	https://bugzilla.redhat.com/show_bug.cgi?id=2182839	https://bugzilla.suse.com/show_bug.cgi?id=1209934
suse_bugzilla	https://www.cve.org/CVERecord?id=CVE-2022-48434	https://bugzilla.suse.com/show_bug.cgi?id=1209934
suse_bugzilla	https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11	https://bugzilla.suse.com/show_bug.cgi?id=1209934
suse_bugzilla	https://news.ycombinator.com/item?id=35356201	https://bugzilla.suse.com/show_bug.cgi?id=1209934
suse_bugzilla	https://wrv.github.io/h26forge.pdf	https://bugzilla.suse.com/show_bug.cgi?id=1209934
redhat_bugzilla	https://wrv.github.io/h26forge.pdf	https://bugzilla.redhat.com/show_bug.cgi?id=2182839
redhat_bugzilla	https://news.ycombinator.com/item?id=35356201	https://bugzilla.redhat.com/show_bug.cgi?id=2182839
redhat_bugzilla	https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11	https://bugzilla.redhat.com/show_bug.cgi?id=2182839
ubuntu	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48434	https://ubuntu.com/security/CVE-2022-48434
ubuntu	https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11 (n6.1-dev)	https://ubuntu.com/security/CVE-2022-48434
ubuntu	https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/35aa7e70e7ec350319e7634a30d8d8aa1e6ecdda (n5.1.2)	https://ubuntu.com/security/CVE-2022-48434
ubuntu	https://wrv.github.io/h26forge.pdf	https://ubuntu.com/security/CVE-2022-48434
ubuntu	https://news.ycombinator.com/item?id=35356201	https://ubuntu.com/security/CVE-2022-48434
ubuntu	https://nvd.nist.gov/vuln/detail/CVE-2022-48434	https://ubuntu.com/security/CVE-2022-48434
ubuntu	https://launchpad.net/bugs/cve/CVE-2022-48434	https://ubuntu.com/security/CVE-2022-48434
ubuntu	https://security-tracker.debian.org/tracker/CVE-2022-48434	https://ubuntu.com/security/CVE-2022-48434
debian		https://security-tracker.debian.org/tracker/CVE-2022-48434
gentoo		https://security.gentoo.org/glsa/202312-14
cve_search		https://wrv.github.io/h26forge.pdf
cve_search		https://news.ycombinator.com/item?id=35356201
cve_search		https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11
cve_search		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PQHNSWXFUN3VJ3AO2AEJUK3BURSGM5G2/
cve_search		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KOMB6WRUC55VWV25IKJTV22KARBUGWGQ/
cve_search		https://security.gentoo.org/glsa/202312-14
ffmpeg		https://ffmpeg.org/security.html
snyk	https://github.com/FFmpeg/FFmpeg/commit/d7f4ad88a0df3c1339e142957bf2c40cd056b8ce	https://security.snyk.io/vuln/SNYK-UNMANAGED-FFMPEG-5327025
snyk	https://news.ycombinator.com/item?id=35356201	https://security.snyk.io/vuln/SNYK-UNMANAGED-FFMPEG-5327025
cve_search		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQHNSWXFUN3VJ3AO2AEJUK3BURSGM5G2/
cve_search		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOMB6WRUC55VWV25IKJTV22KARBUGWGQ/
cve.mitre.org	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOMB6WRUC55VWV25IKJTV22KARBUGWGQ/
cve.mitre.org	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQHNSWXFUN3VJ3AO2AEJUK3BURSGM5G2/
nvd	https://wrv.github.io/h26forge.pdf
nvd	https://news.ycombinator.com/item?id=35356201
nvd	https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11
nvd	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQHNSWXFUN3VJ3AO2AEJUK3BURSGM5G2/
redhat	https://access.redhat.com/security/cve/CVE-2022-48434
nvd	https://wrv.github.io/h26forge.pdf
nvd	https://news.ycombinator.com/item?id=35356201
nvd	https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11

漏洞分析指导链接：
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
漏洞数据来源:
openBrain开源漏洞感知系统
漏洞补丁信息：

详情(点击展开)

影响的包	修复补丁	来源
	https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11	cve.mitre.org
	https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11	suse_bugzilla
	https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11	redhat_bugzilla
	https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11 (n6.1-dev)	ubuntu
	https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/35aa7e70e7ec350319e7634a30d8d8aa1e6ecdda (n5.1.2)	ubuntu
	https://github.com/FFmpeg/FFmpeg/commit/d7f4ad88a0df3c1339e142957bf2c40cd056b8ce	snyk
ffmpeg	https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11	ubuntu
ffmpeg	https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11 (n6.1-dev)	ubuntu
	https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11	nvd

二、漏洞分析结构反馈
影响性分析说明：
libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).
openEuler评分：
8.1
Vector：CVSS：3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
受影响版本排查(受影响/不受影响)：
1.openEuler-22.03-LTS-SP1(4.2.4):受影响
2.openEuler-22.03-LTS-SP3(4.2.4):受影响
3.openEuler-22.03-LTS-SP4:受影响
4.openEuler-20.03-LTS-SP4(4.2.4):受影响
5.master(4.2.9):不受影响
6.openEuler-24.03-LTS(6.1.1):不受影响
7.openEuler-24.03-LTS-Next(6.1.1):不受影响

修复是否涉及abi变化(是/否)：
1.master(4.2.9):否
2.openEuler-24.03-LTS(6.1.1):否
3.openEuler-24.03-LTS-Next(6.1.1):否
4.openEuler-22.03-LTS-SP1(4.2.4):否
5.openEuler-22.03-LTS-SP3(4.2.4):否
6.openEuler-22.03-LTS-SP4:否
7.openEuler-20.03-LTS-SP4(4.2.4):否

三、漏洞修复
安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2024-1877

@ruebb ,@wangxp006 ,@yanan-rock ,@small_leek ,@dou33 ,@t_feng ,@dwl301 ,@weidongkl ,@leeffo 
**issue处理注意事项:** 
**1. 当前issue受影响的分支提交pr时, 须在pr描述中填写当前issue编号进行关联, 否则无法关闭当前issue;**
**2. 模板内容需要填写完整, 无论是受影响或者不受影响都需要填写完整内容,未引入的分支不需要填写, 否则无法关闭当前issue;**
**3. 以下为模板中需要填写完整的内容, 请复制到评论区回复, 注: 内容的标题名称(影响性分析说明, openEuler评分, 受影响版本排查(受影响/不受影响), 修复是否涉及abi变化(是/否))不能省略,省略后cve-manager将无法正常解析填写内容.**
************************************************************************
影响性分析说明:

openEuler评分: (评分和向量)

受影响版本排查(受影响/不受影响): 
1.openEuler-20.03-LTS-SP1(4.2.4):
2.openEuler-20.03-LTS-SP3(4.2.4):
3.openEuler-22.03-LTS(4.2.4):
4.openEuler-22.03-LTS-SP1(4.2.4):

修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP1(4.2.4):
2.openEuler-20.03-LTS-SP3(4.2.4):
3.openEuler-22.03-LTS(4.2.4):
4.openEuler-22.03-LTS-SP1(4.2.4):

-----------------------------------------------------------------------
issue处理具体操作请参考: 
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
pr关联issue具体操作请参考:
https://gitee.com/help/articles/4142

参考网址	关联pr	状态	补丁链接
https://www.opencve.io/cve/CVE-2022-48434	None	None	https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2022-48434	None	None	https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11
https://security-tracker.debian.org/tracker/CVE-2022-48434
https://nvd.nist.gov/vuln/detail/CVE-2022-48434	None	None	https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11
https://ubuntu.com/security/CVE-2022-48434	None	None	https://discourse.ubuntu.com/c/ubuntu-pro
http://www.cnnvd.org.cn/web/vulnerability/queryLds.tag?qcvCnnvdid=CVE-2022-48434

说明：补丁链接仅供初步排查参考，实际可用性请人工再次确认，补丁下载验证可使用CVE补丁工具。
若补丁不准确，烦请在此issue下评论 '/report-patch 参考网址补丁链接1,补丁链接2' 反馈正确信息，便于我们不断优化工具，不胜感激。
如 /report-patch https://security-tracker.debian.org/tracker/CVE-2021-3997 https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1

影响性分析说明:
libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).

openEuler评分: (评分和向量)
BaseScore：8.1 High
Vector：CVSS：3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

受影响版本排查(受影响/不受影响):
1.master：不受影响
2.openEuler-24.03-LTS：不受影响
3.openEuler-24.03-LTS-Next：不受影响
4.openEuler-22.03-LTS-SP1：受影响
5.openEuler-22.03-LTS-SP3：受影响
6.openEuler-22.03-LTS-SP4：受影响
7.openEuler-20.03-LTS-SP4：受影响

修复是否涉及abi变化(是/否)：
1.master：否
2.openEuler-24.03-LTS：否
3.openEuler-24.03-LTS-Next：否
4.openEuler-22.03-LTS-SP1：否
5.openEuler-22.03-LTS-SP3：否
6.openEuler-22.03-LTS-SP4：否
7.openEuler-20.03-LTS-SP4：否

src-openEuler/ffmpeg

内容风险标识

评论 (8)

src-openEuler/ffmpeg .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2022-48434

评论 (8)

搜索帮助

src-openEuler/ffmpeg