{"id":"UBUNTU-CVE-2022-3965","details":"A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544.","modified":"2026-01-30T00:34:50.938481Z","published":"2022-11-13T08:15:00Z","withdrawn":"2025-11-13T05:06:41Z","related":["USN-5958-1"],"upstream":["CVE-2022-3965"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-3965"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5958-1"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2022-3965"}],"affected":[{"package":{"name":"ffmpeg","ecosystem":"Ubuntu:Pro:24.04:LTS","purl":"pkg:deb/ubuntu/ffmpeg@7:6.1.1-3ubuntu5+esm6?arch=source&distro=esm-apps/noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["7:6.0-6ubuntu1","7:6.0-9ubuntu1","7:6.1-2ubuntu1","7:6.1-3ubuntu1","7:6.1-4ubuntu1","7:6.1-5ubuntu1","7:6.1.1-1ubuntu1","7:6.1.1-3ubuntu1","7:6.1.1-3ubuntu5","7:6.1.1-3ubuntu5+esm1","7:6.1.1-3ubuntu5+esm2","7:6.1.1-3ubuntu5+esm3","7:6.1.1-3ubuntu5+esm4","7:6.1.1-3ubuntu5+esm5","7:6.1.1-3ubuntu5+esm6"],"ecosystem_specific":{"binaries":[{"binary_version":"7:6.1.1-3ubuntu5+esm6","binary_name":"ffmpeg"},{"binary_version":"7:6.1.1-3ubuntu5+esm6","binary_name":"libavcodec-dev"},{"binary_version":"7:6.1.1-3ubuntu5+esm6","binary_name":"libavcodec-extra"},{"binary_version":"7:6.1.1-3ubuntu5+esm6","binary_name":"libavcodec-extra60"},{"binary_version":"7:6.1.1-3ubuntu5+esm6","binary_name":"libavcodec60"},{"binary_version":"7:6.1.1-3ubuntu5+esm6","binary_name":"libavdevice-dev"},{"binary_version":"7:6.1.1-3ubuntu5+esm6","binary_name":"libavdevice60"},{"binary_version":"7:6.1.1-3ubuntu5+esm6","binary_name":"libavfilter-dev"},{"binary_version":"7:6.1.1-3ubuntu5+esm6","binary_name":"libavfilter-extra"},{"binary_version":"7:6.1.1-3ubuntu5+esm6","binary_name":"libavfilter-extra9"},{"binary_version":"7:6.1.1-3ubuntu5+esm6","binary_name":"libavfilter9"},{"binary_version":"7:6.1.1-3ubuntu5+esm6","binary_name":"libavformat-dev"},{"binary_version":"7:6.1.1-3ubuntu5+esm6","binary_name":"libavformat-extra"},{"binary_version":"7:6.1.1-3ubuntu5+esm6","binary_name":"libavformat-extra60"},{"binary_version":"7:6.1.1-3ubuntu5+esm6","binary_name":"libavformat60"},{"binary_version":"7:6.1.1-3ubuntu5+esm6","binary_name":"libavutil-dev"},{"binary_version":"7:6.1.1-3ubuntu5+esm6","binary_name":"libavutil58"},{"binary_version":"7:6.1.1-3ubuntu5+esm6","binary_name":"libpostproc-dev"},{"binary_version":"7:6.1.1-3ubuntu5+esm6","binary_name":"libpostproc57"},{"binary_version":"7:6.1.1-3ubuntu5+esm6","binary_name":"libswresample-dev"},{"binary_version":"7:6.1.1-3ubuntu5+esm6","binary_name":"libswresample4"},{"binary_version":"7:6.1.1-3ubuntu5+esm6","binary_name":"libswscale-dev"},{"binary_version":"7:6.1.1-3ubuntu5+esm6","binary_name":"libswscale7"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-3965.json"}},{"package":{"name":"ffmpeg","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/ffmpeg@7:7.1.1-1ubuntu4?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["7:7.1.1-1ubuntu1","7:7.1.1-1ubuntu2","7:7.1.1-1ubuntu3","7:7.1.1-1ubuntu4"],"ecosystem_specific":{"binaries":[{"binary_version":"7:7.1.1-1ubuntu4","binary_name":"ffmpeg"},{"binary_version":"7:7.1.1-1ubuntu4","binary_name":"libavcodec-dev"},{"binary_version":"7:7.1.1-1ubuntu4","binary_name":"libavcodec-extra"},{"binary_version":"7:7.1.1-1ubuntu4","binary_name":"libavcodec-extra61"},{"binary_version":"7:7.1.1-1ubuntu4","binary_name":"libavcodec61"},{"binary_version":"7:7.1.1-1ubuntu4","binary_name":"libavdevice-dev"},{"binary_version":"7:7.1.1-1ubuntu4","binary_name":"libavdevice61"},{"binary_version":"7:7.1.1-1ubuntu4","binary_name":"libavfilter-dev"},{"binary_version":"7:7.1.1-1ubuntu4","binary_name":"libavfilter-extra"},{"binary_version":"7:7.1.1-1ubuntu4","binary_name":"libavfilter-extra10"},{"binary_version":"7:7.1.1-1ubuntu4","binary_name":"libavfilter10"},{"binary_version":"7:7.1.1-1ubuntu4","binary_name":"libavformat-dev"},{"binary_version":"7:7.1.1-1ubuntu4","binary_name":"libavformat-extra"},{"binary_version":"7:7.1.1-1ubuntu4","binary_name":"libavformat-extra61"},{"binary_version":"7:7.1.1-1ubuntu4","binary_name":"libavformat61"},{"binary_version":"7:7.1.1-1ubuntu4","binary_name":"libavutil-dev"},{"binary_version":"7:7.1.1-1ubuntu4","binary_name":"libavutil59"},{"binary_version":"7:7.1.1-1ubuntu4","binary_name":"libpostproc-dev"},{"binary_version":"7:7.1.1-1ubuntu4","binary_name":"libpostproc58"},{"binary_version":"7:7.1.1-1ubuntu4","binary_name":"libswresample-dev"},{"binary_version":"7:7.1.1-1ubuntu4","binary_name":"libswresample5"},{"binary_version":"7:7.1.1-1ubuntu4","binary_name":"libswscale-dev"},{"binary_version":"7:7.1.1-1ubuntu4","binary_name":"libswscale8"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-3965.json"}},{"package":{"name":"ffmpeg","ecosystem":"Ubuntu:25.04","purl":"pkg:deb/ubuntu/ffmpeg@7:7.1.1-1ubuntu1.2?arch=source&distro=plucky"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["7:7.0.2-3ubuntu1","7:7.1-3ubuntu1","7:7.1-3ubuntu2","7:7.1-3ubuntu3","7:7.1-4ubuntu1","7:7.1-4ubuntu2","7:7.1.1-1ubuntu1","7:7.1.1-1ubuntu1.1","7:7.1.1-1ubuntu1.2"],"ecosystem_specific":{"binaries":[{"binary_version":"7:7.1.1-1ubuntu1.2","binary_name":"ffmpeg"},{"binary_version":"7:7.1.1-1ubuntu1.2","binary_name":"libavcodec-dev"},{"binary_version":"7:7.1.1-1ubuntu1.2","binary_name":"libavcodec-extra"},{"binary_version":"7:7.1.1-1ubuntu1.2","binary_name":"libavcodec-extra61"},{"binary_version":"7:7.1.1-1ubuntu1.2","binary_name":"libavcodec61"},{"binary_version":"7:7.1.1-1ubuntu1.2","binary_name":"libavdevice-dev"},{"binary_version":"7:7.1.1-1ubuntu1.2","binary_name":"libavdevice61"},{"binary_version":"7:7.1.1-1ubuntu1.2","binary_name":"libavfilter-dev"},{"binary_version":"7:7.1.1-1ubuntu1.2","binary_name":"libavfilter-extra"},{"binary_version":"7:7.1.1-1ubuntu1.2","binary_name":"libavfilter-extra10"},{"binary_version":"7:7.1.1-1ubuntu1.2","binary_name":"libavfilter10"},{"binary_version":"7:7.1.1-1ubuntu1.2","binary_name":"libavformat-dev"},{"binary_version":"7:7.1.1-1ubuntu1.2","binary_name":"libavformat-extra"},{"binary_version":"7:7.1.1-1ubuntu1.2","binary_name":"libavformat-extra61"},{"binary_version":"7:7.1.1-1ubuntu1.2","binary_name":"libavformat61"},{"binary_version":"7:7.1.1-1ubuntu1.2","binary_name":"libavutil-dev"},{"binary_version":"7:7.1.1-1ubuntu1.2","binary_name":"libavutil59"},{"binary_version":"7:7.1.1-1ubuntu1.2","binary_name":"libpostproc-dev"},{"binary_version":"7:7.1.1-1ubuntu1.2","binary_name":"libpostproc58"},{"binary_version":"7:7.1.1-1ubuntu1.2","binary_name":"libswresample-dev"},{"binary_version":"7:7.1.1-1ubuntu1.2","binary_name":"libswresample5"},{"binary_version":"7:7.1.1-1ubuntu1.2","binary_name":"libswscale-dev"},{"binary_version":"7:7.1.1-1ubuntu1.2","binary_name":"libswscale8"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-3965.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}