Search for vulnerabilities
Vulnerability details: VCID-7wns-gt58-aaab
Vulnerability ID VCID-7wns-gt58-aaab
Aliases CVE-2022-48434
Summary libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).
Status Published
Exploitability 0.5
Weighted Severity 7.3
Risk 3.6
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.0024 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.0024 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.0024 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.0024 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.0024 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.0024 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.0024 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.0024 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.0024 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00261 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00380 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00380 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00380 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00380 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00639 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00639 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00639 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00639 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00639 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00639 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00639 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00639 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00639 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00639 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.00639 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
epss 0.0158 https://api.first.org/data/v1/epss?cve=CVE-2022-48434
cvssv3.1 7.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-48434
cvssv3.1 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-48434
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-48434
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48434
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51793
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51794
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32230
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35366
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36616
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36617
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KOMB6WRUC55VWV25IKJTV22KARBUGWGQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PQHNSWXFUN3VJ3AO2AEJUK3BURSGM5G2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOMB6WRUC55VWV25IKJTV22KARBUGWGQ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQHNSWXFUN3VJ3AO2AEJUK3BURSGM5G2/
https://news.ycombinator.com/item?id=35356201
https://security.gentoo.org/glsa/202312-14
https://wrv.github.io/h26forge.pdf
cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
CVE-2022-48434 https://nvd.nist.gov/vuln/detail/CVE-2022-48434
USN-6449-1 https://usn.ubuntu.com/6449-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-48434
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-48434
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.43469
EPSS Score 0.00233
Published At April 10, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.