ISHACK AI BOT

Amazon Linux AMI 2: CVE-2022-3775: Security patch for grub2 (ALAS-2023-2146) Severity 6 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:C) Published 12/19/2022 Created 07/21/2023 Added 07/21/2023 Modified 01/30/2025 Description When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded. Solution(s) amazon-linux-ami-2-upgrade-grub2 amazon-linux-ami-2-upgrade-grub2-common amazon-linux-ami-2-upgrade-grub2-debuginfo amazon-linux-ami-2-upgrade-grub2-efi-aa64 amazon-linux-ami-2-upgrade-grub2-efi-aa64-cdboot amazon-linux-ami-2-upgrade-grub2-efi-aa64-ec2 amazon-linux-ami-2-upgrade-grub2-efi-aa64-modules amazon-linux-ami-2-upgrade-grub2-efi-x64 amazon-linux-ami-2-upgrade-grub2-efi-x64-cdboot amazon-linux-ami-2-upgrade-grub2-efi-x64-ec2 amazon-linux-ami-2-upgrade-grub2-efi-x64-modules amazon-linux-ami-2-upgrade-grub2-emu amazon-linux-ami-2-upgrade-grub2-emu-modules amazon-linux-ami-2-upgrade-grub2-pc amazon-linux-ami-2-upgrade-grub2-pc-modules amazon-linux-ami-2-upgrade-grub2-tools amazon-linux-ami-2-upgrade-grub2-tools-efi amazon-linux-ami-2-upgrade-grub2-tools-extra amazon-linux-ami-2-upgrade-grub2-tools-minimal References https://attackerkb.com/topics/cve-2022-3775 AL2/ALAS-2023-2146 CVE - 2022-3775

Huawei EulerOS: CVE-2021-33640: libtar security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/19/2022 Created 03/10/2023 Added 03/09/2023 Modified 01/28/2025 Description After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free). Solution(s) huawei-euleros-2_0_sp9-upgrade-libtar-help References https://attackerkb.com/topics/cve-2021-33640 CVE - 2021-33640 EulerOS-SA-2023-1473

Ubuntu: USN-6036-1 (CVE-2022-44940): PatchELF vulnerability Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:C) Published 12/19/2022 Created 05/05/2023 Added 04/21/2023 Modified 01/28/2025 Description Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc. Solution(s) ubuntu-pro-upgrade-patchelf References https://attackerkb.com/topics/cve-2022-44940 CVE - 2022-44940 USN-6036-1

Debian: CVE-2022-32749: trafficserver -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/19/2022 Created 01/11/2023 Added 01/10/2023 Modified 01/28/2025 Description Improper Check for Unusual or Exceptional Conditions vulnerability handling requests in Apache Traffic Server allows an attacker to crash the server under certain conditions. This issue affects Apache Traffic Server: from 8.0.0 through 9.1.3. Solution(s) debian-upgrade-trafficserver References https://attackerkb.com/topics/cve-2022-32749 CVE - 2022-32749 DSA-5311-1

Debian: CVE-2022-37392: trafficserver -- security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 12/19/2022 Created 01/11/2023 Added 01/10/2023 Modified 01/28/2025 Description Improper Check for Unusual or Exceptional Conditions vulnerability in handling the requests to Apache Traffic Server.This issue affects Apache Traffic Server 8.0.0 to 9.1.2. Solution(s) debian-upgrade-trafficserver References https://attackerkb.com/topics/cve-2022-37392 CVE - 2022-37392 DSA-5311-1

Huawei EulerOS: CVE-2022-4603: ppp security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 12/18/2022 Created 03/10/2023 Added 03/09/2023 Modified 01/28/2025 Description A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf/rpkt.buf leads to improper validation of array index. The real existence of this vulnerability is still doubted at the moment. The name of the patch is a75fb7b198eed50d769c80c36629f38346882cbf. It is recommended to apply a patch to fix this issue. VDB-216198 is the identifier assigned to this vulnerability. NOTE: pppdump is not used in normal process of setting up a PPP connection, is not installed setuid-root, and is not invoked automatically in any scenario. Solution(s) huawei-euleros-2_0_sp9-upgrade-ppp References https://attackerkb.com/topics/cve-2022-4603 CVE - 2022-4603 EulerOS-SA-2023-1479

Gentoo Linux: CVE-2022-1097: Mozilla Network Security Service (NSS): Multiple Vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 12/19/2022 Created 12/20/2022 Added 12/19/2022 Modified 01/28/2025 Description <code>NSSToken</code> objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. Solution(s) gentoo-linux-upgrade-dev-libs-nss References https://attackerkb.com/topics/cve-2022-1097 CVE - 2022-1097 202212-05

Ubuntu: USN-5932-1 (CVE-2022-47516): Sofia-SIP vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/18/2022 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service (daemon crash) via a crafted UDP message that leads to a failure of the libsofia-sip-ua/tport/tport.c self assertion. Solution(s) ubuntu-pro-upgrade-libsofia-sip-ua-glib3 ubuntu-pro-upgrade-libsofia-sip-ua0 ubuntu-pro-upgrade-sofia-sip-bin References https://attackerkb.com/topics/cve-2022-47516 CVE - 2022-47516 DSA-5410 USN-5932-1

VMware Photon OS: CVE-2022-20566 Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 12/16/2022 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-165329981References: Upstream kernel Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-20566 CVE - 2022-20566

Ubuntu: (Multiple Advisories) (CVE-2022-47519): Linux kernel vulnerabilities Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 12/18/2022 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames. Solution(s) ubuntu-upgrade-linux-image-5-15-0-1016-gkeop ubuntu-upgrade-linux-image-5-15-0-1025-raspi ubuntu-upgrade-linux-image-5-15-0-1025-raspi-nolpae ubuntu-upgrade-linux-image-5-15-0-1026-ibm ubuntu-upgrade-linux-image-5-15-0-1026-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1028-gke ubuntu-upgrade-linux-image-5-15-0-1029-kvm ubuntu-upgrade-linux-image-5-15-0-1030-gcp ubuntu-upgrade-linux-image-5-15-0-1030-oracle ubuntu-upgrade-linux-image-5-15-0-1031-aws ubuntu-upgrade-linux-image-5-15-0-1034-azure ubuntu-upgrade-linux-image-5-15-0-1034-azure-fde ubuntu-upgrade-linux-image-5-15-0-67-generic ubuntu-upgrade-linux-image-5-15-0-67-generic-64k ubuntu-upgrade-linux-image-5-15-0-67-generic-lpae ubuntu-upgrade-linux-image-5-15-0-67-lowlatency ubuntu-upgrade-linux-image-5-15-0-67-lowlatency-64k ubuntu-upgrade-linux-image-5-19-0-1014-raspi ubuntu-upgrade-linux-image-5-19-0-1014-raspi-nolpae ubuntu-upgrade-linux-image-5-19-0-1018-gcp ubuntu-upgrade-linux-image-5-19-0-1018-ibm ubuntu-upgrade-linux-image-5-19-0-1018-lowlatency ubuntu-upgrade-linux-image-5-19-0-1018-lowlatency-64k ubuntu-upgrade-linux-image-5-19-0-1018-oracle ubuntu-upgrade-linux-image-5-19-0-1019-kvm ubuntu-upgrade-linux-image-5-19-0-1020-aws ubuntu-upgrade-linux-image-5-19-0-1021-azure ubuntu-upgrade-linux-image-5-19-0-35-generic ubuntu-upgrade-linux-image-5-19-0-35-generic-64k ubuntu-upgrade-linux-image-5-19-0-35-generic-lpae ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 References https://attackerkb.com/topics/cve-2022-47519 CVE - 2022-47519 USN-5911-1 USN-5912-1 USN-5929-1 USN-5935-1 USN-5938-1 USN-5941-1 USN-5950-1 USN-5962-1 View more

VMware Photon OS: CVE-2022-47518 Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 12/18/2022 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-47518 CVE - 2022-47518

VMware Photon OS: CVE-2022-47521 Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 12/18/2022 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when parsing the operating channel attribute from Wi-Fi management frames. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-47521 CVE - 2022-47521

Ubuntu: (Multiple Advisories) (CVE-2022-20566): Linux kernel (AWS) vulnerabilities Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 12/16/2022 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-165329981References: Upstream kernel Solution(s) ubuntu-upgrade-linux-image-4-4-0-1116-aws ubuntu-upgrade-linux-image-4-4-0-1117-kvm ubuntu-upgrade-linux-image-4-4-0-1154-aws ubuntu-upgrade-linux-image-4-4-0-237-generic ubuntu-upgrade-linux-image-4-4-0-237-lowlatency ubuntu-upgrade-linux-image-5-14-0-1058-oem ubuntu-upgrade-linux-image-5-17-0-1028-oem ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-lts-xenial ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-lts-xenial ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-lts-xenial References https://attackerkb.com/topics/cve-2022-20566 CVE - 2022-20566 USN-5884-1 USN-5913-1 USN-5926-1

CentOS Linux: CVE-2022-46880: Important: firefox security update (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 12/16/2022 Created 12/16/2022 Added 12/16/2022 Modified 01/28/2025 Description A missing check related to tex units could have led to a use-after-free and potentially exploitable crash.<br />*Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 105. This vulnerability affects Firefox ESR < 102.6, Firefox < 105, and Thunderbird < 102.6. Solution(s) centos-upgrade-firefox centos-upgrade-firefox-debuginfo centos-upgrade-firefox-debugsource centos-upgrade-thunderbird centos-upgrade-thunderbird-debuginfo centos-upgrade-thunderbird-debugsource References CVE-2022-46880

Debian: CVE-2022-46878: firefox-esr, thunderbird -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/16/2022 Created 12/16/2022 Added 12/16/2022 Modified 01/28/2025 Description Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2022-46878 CVE - 2022-46878 DSA-5301-1

Debian: CVE-2022-46872: firefox-esr, thunderbird -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 12/16/2022 Created 12/16/2022 Added 12/16/2022 Modified 01/28/2025 Description An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.<br>*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2022-46872 CVE - 2022-46872 DSA-5301-1

Debian: CVE-2022-46881: firefox-esr, thunderbird -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/16/2022 Created 12/16/2022 Added 12/16/2022 Modified 01/28/2025 Description An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox < 106, Firefox ESR < 102.6, and Thunderbird < 102.6. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2022-46881 CVE - 2022-46881 DSA-5301-1

Debian: CVE-2022-46874: firefox-esr, thunderbird -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/16/2022 Created 12/16/2022 Added 12/16/2022 Modified 01/28/2025 Description A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.<br/>*Note*: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting in it actually being fixed in Thunderbird 102.6.1. This vulnerability affects Firefox < 108, Thunderbird < 102.6.1, Thunderbird < 102.6, and Firefox ESR < 102.6. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2022-46874 CVE - 2022-46874 DSA-5301-1

Debian: CVE-2022-46882: firefox-esr, thunderbird -- security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/16/2022 Created 12/16/2022 Added 12/16/2022 Modified 01/28/2025 Description A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox < 107, Firefox ESR < 102.6, and Thunderbird < 102.6. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2022-46882 CVE - 2022-46882 DSA-5301-1

Debian: CVE-2022-46880: firefox-esr, thunderbird -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 12/16/2022 Created 12/16/2022 Added 12/16/2022 Modified 01/28/2025 Description A missing check related to tex units could have led to a use-after-free and potentially exploitable crash.<br />*Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 105. This vulnerability affects Firefox ESR < 102.6, Firefox < 105, and Thunderbird < 102.6. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2022-46880 CVE - 2022-46880 DSA-5301-1

Red Hat: CVE-2022-46872: CVE-2022-46872 Mozilla: Arbitrary file read from a compromised content process (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 12/16/2022 Created 12/16/2022 Added 12/16/2022 Modified 01/28/2025 Description An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.<br>*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2022-46872 RHSA-2022:9065 RHSA-2022:9066 RHSA-2022:9067 RHSA-2022:9068 RHSA-2022:9069 RHSA-2022:9072 RHSA-2022:9074 RHSA-2022:9075 RHSA-2022:9078 RHSA-2022:9079 RHSA-2022:9080 RHSA-2022:9081 View more

Samba CVE-2022-45141: CVE-2022-37966, CVE-2022-37967, CVE-2022-38023 and CVE-2022-45141. Please see announcements for details. Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/16/2022 Created 12/16/2022 Added 12/16/2022 Modified 01/28/2025 Description Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96). Solution(s) samba-upgrade-4_15_13 References https://attackerkb.com/topics/cve-2022-45141 CVE - 2022-45141 http://www.samba.org/samba/security/CVE-2022-45141.html

Red Hat: CVE-2022-46881: CVE-2022-46881 Mozilla: Memory corruption in WebGL (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/16/2022 Created 12/16/2022 Added 12/16/2022 Modified 01/28/2025 Description An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox < 106, Firefox ESR < 102.6, and Thunderbird < 102.6. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2022-46881 RHSA-2022:9065 RHSA-2022:9066 RHSA-2022:9067 RHSA-2022:9068 RHSA-2022:9069 RHSA-2022:9072 RHSA-2022:9074 RHSA-2022:9075 RHSA-2022:9078 RHSA-2022:9079 RHSA-2022:9080 RHSA-2022:9081 View more

FFmpeg: CVE-2022-3109: NULL Pointer Dereference Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/16/2022 Created 12/23/2022 Added 12/22/2022 Modified 01/28/2025 Description An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability. Solution(s) ffmpeg-upgrade-3_4_13 ffmpeg-upgrade-4_1_11 ffmpeg-upgrade-4_2_9 ffmpeg-upgrade-4_3_6 ffmpeg-upgrade-4_4_4 ffmpeg-upgrade-5_0_3 ffmpeg-upgrade-5_1 References https://attackerkb.com/topics/cve-2022-3109 CVE - 2022-3109

Red Hat: CVE-2022-46880: CVE-2022-46880 Mozilla: Use-after-free in WebGL (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 12/16/2022 Created 12/16/2022 Added 12/16/2022 Modified 01/28/2025 Description A missing check related to tex units could have led to a use-after-free and potentially exploitable crash.<br />*Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 105. This vulnerability affects Firefox ESR < 102.6, Firefox < 105, and Thunderbird < 102.6. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2022-46880 RHSA-2022:9065 RHSA-2022:9066 RHSA-2022:9067 RHSA-2022:9068 RHSA-2022:9069 RHSA-2022:9072 RHSA-2022:9074 RHSA-2022:9075 RHSA-2022:9078 RHSA-2022:9079 RHSA-2022:9080 RHSA-2022:9081 View more