Search for vulnerabilities
Vulnerability details: VCID-d5ad-dpn1-aaaj
Vulnerability ID VCID-d5ad-dpn1-aaaj
Aliases CVE-2022-3965
Summary A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544.
Status Published
Exploitability 0.5
Weighted Severity 7.3
Risk 3.6
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-125 Out-of-bounds Read
System Score Found at
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00036 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00147 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00207 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00207 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00207 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00207 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00207 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00207 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00207 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00207 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00207 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00207 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00207 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00207 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00207 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00207 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00207 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
epss 0.00207 https://api.first.org/data/v1/epss?cve=CVE-2022-3965
cvssv3.1 7.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-3965
cvssv3.1 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-3965
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-3965
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/13c13109759090b7f7182480d075e13b36ed8edd
https://security.gentoo.org/glsa/202312-14
https://vuldb.com/?id.213544
cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*
CVE-2022-3965 https://nvd.nist.gov/vuln/detail/CVE-2022-3965
USN-5958-1 https://usn.ubuntu.com/5958-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-3965
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-3965
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.06906
EPSS Score 0.00036
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.