CVE-2022-2566 - Vulnerability Details - OpenCVE

A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Ffmpeg	Ffmpeg

Configuration 1 [-]

cpe:2.3:a:ffmpeg:ffmpeg:5.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/FFmpeg/FFmpeg/commit/c953baa084607dd1d84c3bfcce3cf6a87c3e6e05

History

Mon, 21 Apr 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Google

Published: 2022-09-23T11:10:14.367Z

Updated: 2025-04-21T13:49:02.102Z

Reserved: 2022-07-28T00:00:00.000Z

Link: CVE-2022-2566

Vulnrichment

Updated: 2024-08-03T00:39:07.996Z

NVD

Status : Modified

Published: 2022-09-23T12:15:10.103

Modified: 2024-11-21T07:01:15.690

Link: CVE-2022-2566

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "FFMPEG", "vendor": "FFMPEG", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "5.1", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "ab77b878f1205225c6de1370fb0e998dbcc8bc69", "versionType": "custom"}, {"lessThan": "c953baa084607dd1d84c3bfcce3cf6a87c3e6e05", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2022-08-27T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-27T15:30:12.000Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/FFmpeg/FFmpeg/commit/c953baa084607dd1d84c3bfcce3cf6a87c3e6e05"}], "source": {"discovery": "INTERNAL"}, "title": "Heap-memory write in FFMPEG", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "DATE_PUBLIC": "2022-08-27T22:00:00.000Z", "ID": "CVE-2022-2566", "STATE": "PUBLIC", "TITLE": "Heap-memory write in FFMPEG"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "FFMPEG", "version": {"version_data": [{"version_affected": ">=", "version_value": "5.1"}, {"version_affected": ">=", "version_value": "ab77b878f1205225c6de1370fb0e998dbcc8bc69"}, {"version_affected": "<", "version_value": "c953baa084607dd1d84c3bfcce3cf6a87c3e6e05"}]}}]}, "vendor_name": "FFMPEG"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05"}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-122 Heap-based Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://github.com/FFmpeg/FFmpeg/commit/c953baa084607dd1d84c3bfcce3cf6a87c3e6e05", "refsource": "MISC", "url": "https://github.com/FFmpeg/FFmpeg/commit/c953baa084607dd1d84c3bfcce3cf6a87c3e6e05"}]}, "source": {"discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:39:07.996Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/FFmpeg/FFmpeg/commit/c953baa084607dd1d84c3bfcce3cf6a87c3e6e05"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-21T13:36:59.031026Z", "id": "CVE-2022-2566", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-21T13:49:02.102Z"}}]}, "cveMetadata": {"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2022-2566", "datePublished": "2022-09-23T11:10:14.367Z", "dateReserved": "2022-07-28T00:00:00.000Z", "dateUpdated": "2025-04-21T13:49:02.102Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/FFmpeg/FFmpeg/commit/c953baa084607dd1d84c3bfcce3cf6a87c3e6e05", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:39:07.996Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-2566", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-21T13:36:59.031026Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-21T13:37:00.782Z"}}], "cna": {"title": "Heap-memory write in FFMPEG", "source": {"discovery": "INTERNAL"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "FFMPEG", "product": "FFMPEG", "versions": [{"status": "affected", "version": "5.1", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "ab77b878f1205225c6de1370fb0e998dbcc8bc69", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "c953baa084607dd1d84c3bfcce3cf6a87c3e6e05", "versionType": "custom"}]}], "datePublic": "2022-08-27T00:00:00.000Z", "references": [{"url": "https://github.com/FFmpeg/FFmpeg/commit/c953baa084607dd1d84c3bfcce3cf6a87c3e6e05", "tags": ["x_refsource_MISC"]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2022-09-27T15:30:12.000Z"}, "x_legacyV4Record": {"impact": {"cvss": {"scope": "CHANGED", "version": "3.1", "baseScore": 9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, "source": {"discovery": "INTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "5.1", "version_affected": ">="}, {"version_value": "ab77b878f1205225c6de1370fb0e998dbcc8bc69", "version_affected": ">="}, {"version_value": "c953baa084607dd1d84c3bfcce3cf6a87c3e6e05", "version_affected": "<"}]}, "product_name": "FFMPEG"}]}, "vendor_name": "FFMPEG"}]}}, "data_type": "CVE", "generator": {"engine": "Vulnogram 0.0.9"}, "references": {"reference_data": [{"url": "https://github.com/FFmpeg/FFmpeg/commit/c953baa084607dd1d84c3bfcce3cf6a87c3e6e05", "name": "https://github.com/FFmpeg/FFmpeg/commit/c953baa084607dd1d84c3bfcce3cf6a87c3e6e05", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-122 Heap-based Buffer Overflow"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-2566", "STATE": "PUBLIC", "TITLE": "Heap-memory write in FFMPEG", "ASSIGNER": "security@google.com", "DATE_PUBLIC": "2022-08-27T22:00:00.000Z"}}}}, "cveMetadata": {"cveId": "CVE-2022-2566", "state": "PUBLISHED", "dateUpdated": "2025-04-21T13:49:02.102Z", "dateReserved": "2022-07-28T00:00:00.000Z", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "datePublished": "2022-09-23T11:10:14.367Z", "assignerShortName": "Google"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ffmpeg:ffmpeg:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B9105334-E041-4B8A-8EF2-79FBC94391F1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05"}, {"lang": "es", "value": "Existe una escritura de memoria fuera de los l\u00edmites del mont\u00f3n en FFMPEG desde la versi\u00f3n 5.1. El c\u00e1lculo del tama\u00f1o en `build_open_gop_key_points()` recorre todas las entradas del bucle y a\u00f1ade `sc->ctts_data[i].count` a `sc->sample_offsets_count`. Esto puede conducir a un desbordamiento de enteros que resulta en una peque\u00f1a asignaci\u00f3n con `av_calloc()`. Un atacante puede provocar la ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s de un archivo mp4 malicioso. Recomendamos actualizar el commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05"}], "id": "CVE-2022-2566", "lastModified": "2024-11-21T07:01:15.690", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 6.0, "source": "cve-coordination@google.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-23T12:15:10.103", "references": [{"source": "cve-coordination@google.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/FFmpeg/FFmpeg/commit/c953baa084607dd1d84c3bfcce3cf6a87c3e6e05"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/FFmpeg/FFmpeg/commit/c953baa084607dd1d84c3bfcce3cf6a87c3e6e05"}], "sourceIdentifier": "cve-coordination@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "cve-coordination@google.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}