发布于3月6日3月6日 Members SUSE: CVE-2022-48434: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/29/2023 Created 05/05/2023 Added 05/03/2023 Modified 01/28/2025 Description libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used). Solution(s) suse-upgrade-ffmpeg suse-upgrade-ffmpeg-4 suse-upgrade-ffmpeg-4-libavcodec-devel suse-upgrade-ffmpeg-4-libavdevice-devel suse-upgrade-ffmpeg-4-libavfilter-devel suse-upgrade-ffmpeg-4-libavformat-devel suse-upgrade-ffmpeg-4-libavresample-devel suse-upgrade-ffmpeg-4-libavutil-devel suse-upgrade-ffmpeg-4-libpostproc-devel suse-upgrade-ffmpeg-4-libswresample-devel suse-upgrade-ffmpeg-4-libswscale-devel suse-upgrade-ffmpeg-4-private-devel suse-upgrade-ffmpeg-private-devel suse-upgrade-libavcodec-devel suse-upgrade-libavcodec57 suse-upgrade-libavcodec57-32bit suse-upgrade-libavcodec58_134 suse-upgrade-libavcodec58_134-32bit suse-upgrade-libavdevice-devel suse-upgrade-libavdevice57 suse-upgrade-libavdevice57-32bit suse-upgrade-libavdevice58_13 suse-upgrade-libavdevice58_13-32bit suse-upgrade-libavfilter-devel suse-upgrade-libavfilter6 suse-upgrade-libavfilter6-32bit suse-upgrade-libavfilter7_110 suse-upgrade-libavfilter7_110-32bit suse-upgrade-libavformat-devel suse-upgrade-libavformat57 suse-upgrade-libavformat57-32bit suse-upgrade-libavformat58_76 suse-upgrade-libavformat58_76-32bit suse-upgrade-libavresample-devel suse-upgrade-libavresample3 suse-upgrade-libavresample3-32bit suse-upgrade-libavresample4_0 suse-upgrade-libavresample4_0-32bit suse-upgrade-libavutil-devel suse-upgrade-libavutil55 suse-upgrade-libavutil55-32bit suse-upgrade-libavutil56_70 suse-upgrade-libavutil56_70-32bit suse-upgrade-libpostproc-devel suse-upgrade-libpostproc54 suse-upgrade-libpostproc54-32bit suse-upgrade-libpostproc55_9 suse-upgrade-libpostproc55_9-32bit suse-upgrade-libswresample-devel suse-upgrade-libswresample2 suse-upgrade-libswresample2-32bit suse-upgrade-libswresample3_9 suse-upgrade-libswresample3_9-32bit suse-upgrade-libswscale-devel suse-upgrade-libswscale4 suse-upgrade-libswscale4-32bit suse-upgrade-libswscale5_9 suse-upgrade-libswscale5_9-32bit References https://attackerkb.com/topics/cve-2022-48434 CVE - 2022-48434
