{"id":"UBUNTU-CVE-2022-4907","details":"Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)","modified":"2025-10-24T04:53:19Z","published":"2023-07-29T00:15:00Z","withdrawn":"2025-11-13T05:06:44Z","upstream":["CVE-2022-4907"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-4907"},{"type":"REPORT","url":"https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html"},{"type":"REPORT","url":"https://crbug.com/1358168"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2022-4907"}],"affected":[{"package":{"name":"ffmpeg","ecosystem":"Ubuntu:Pro:24.04:LTS","purl":"pkg:deb/ubuntu/ffmpeg@7:6.1.1-3ubuntu5+esm6?arch=source&distro=esm-apps/noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["7:6.0-6ubuntu1","7:6.0-9ubuntu1","7:6.1-2ubuntu1","7:6.1-3ubuntu1","7:6.1-4ubuntu1","7:6.1-5ubuntu1","7:6.1.1-1ubuntu1","7:6.1.1-3ubuntu1","7:6.1.1-3ubuntu5","7:6.1.1-3ubuntu5+esm1","7:6.1.1-3ubuntu5+esm2","7:6.1.1-3ubuntu5+esm3","7:6.1.1-3ubuntu5+esm4","7:6.1.1-3ubuntu5+esm5","7:6.1.1-3ubuntu5+esm6"],"ecosystem_specific":{"binaries":[{"binary_name":"ffmpeg","binary_version":"7:6.1.1-3ubuntu5+esm6"},{"binary_name":"libavcodec-dev","binary_version":"7:6.1.1-3ubuntu5+esm6"},{"binary_name":"libavcodec-extra","binary_version":"7:6.1.1-3ubuntu5+esm6"},{"binary_name":"libavcodec-extra60","binary_version":"7:6.1.1-3ubuntu5+esm6"},{"binary_name":"libavcodec60","binary_version":"7:6.1.1-3ubuntu5+esm6"},{"binary_name":"libavdevice-dev","binary_version":"7:6.1.1-3ubuntu5+esm6"},{"binary_name":"libavdevice60","binary_version":"7:6.1.1-3ubuntu5+esm6"},{"binary_name":"libavfilter-dev","binary_version":"7:6.1.1-3ubuntu5+esm6"},{"binary_name":"libavfilter-extra","binary_version":"7:6.1.1-3ubuntu5+esm6"},{"binary_name":"libavfilter-extra9","binary_version":"7:6.1.1-3ubuntu5+esm6"},{"binary_name":"libavfilter9","binary_version":"7:6.1.1-3ubuntu5+esm6"},{"binary_name":"libavformat-dev","binary_version":"7:6.1.1-3ubuntu5+esm6"},{"binary_name":"libavformat-extra","binary_version":"7:6.1.1-3ubuntu5+esm6"},{"binary_name":"libavformat-extra60","binary_version":"7:6.1.1-3ubuntu5+esm6"},{"binary_name":"libavformat60","binary_version":"7:6.1.1-3ubuntu5+esm6"},{"binary_name":"libavutil-dev","binary_version":"7:6.1.1-3ubuntu5+esm6"},{"binary_name":"libavutil58","binary_version":"7:6.1.1-3ubuntu5+esm6"},{"binary_name":"libpostproc-dev","binary_version":"7:6.1.1-3ubuntu5+esm6"},{"binary_name":"libpostproc57","binary_version":"7:6.1.1-3ubuntu5+esm6"},{"binary_name":"libswresample-dev","binary_version":"7:6.1.1-3ubuntu5+esm6"},{"binary_name":"libswresample4","binary_version":"7:6.1.1-3ubuntu5+esm6"},{"binary_name":"libswscale-dev","binary_version":"7:6.1.1-3ubuntu5+esm6"},{"binary_name":"libswscale7","binary_version":"7:6.1.1-3ubuntu5+esm6"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-4907.json"}},{"package":{"name":"ffmpeg","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/ffmpeg@7:7.1.1-1ubuntu4?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["7:7.1.1-1ubuntu1","7:7.1.1-1ubuntu2","7:7.1.1-1ubuntu3","7:7.1.1-1ubuntu4"],"ecosystem_specific":{"binaries":[{"binary_name":"ffmpeg","binary_version":"7:7.1.1-1ubuntu4"},{"binary_name":"libavcodec-dev","binary_version":"7:7.1.1-1ubuntu4"},{"binary_name":"libavcodec-extra","binary_version":"7:7.1.1-1ubuntu4"},{"binary_name":"libavcodec-extra61","binary_version":"7:7.1.1-1ubuntu4"},{"binary_name":"libavcodec61","binary_version":"7:7.1.1-1ubuntu4"},{"binary_name":"libavdevice-dev","binary_version":"7:7.1.1-1ubuntu4"},{"binary_name":"libavdevice61","binary_version":"7:7.1.1-1ubuntu4"},{"binary_name":"libavfilter-dev","binary_version":"7:7.1.1-1ubuntu4"},{"binary_name":"libavfilter-extra","binary_version":"7:7.1.1-1ubuntu4"},{"binary_name":"libavfilter-extra10","binary_version":"7:7.1.1-1ubuntu4"},{"binary_name":"libavfilter10","binary_version":"7:7.1.1-1ubuntu4"},{"binary_name":"libavformat-dev","binary_version":"7:7.1.1-1ubuntu4"},{"binary_name":"libavformat-extra","binary_version":"7:7.1.1-1ubuntu4"},{"binary_name":"libavformat-extra61","binary_version":"7:7.1.1-1ubuntu4"},{"binary_name":"libavformat61","binary_version":"7:7.1.1-1ubuntu4"},{"binary_name":"libavutil-dev","binary_version":"7:7.1.1-1ubuntu4"},{"binary_name":"libavutil59","binary_version":"7:7.1.1-1ubuntu4"},{"binary_name":"libpostproc-dev","binary_version":"7:7.1.1-1ubuntu4"},{"binary_name":"libpostproc58","binary_version":"7:7.1.1-1ubuntu4"},{"binary_name":"libswresample-dev","binary_version":"7:7.1.1-1ubuntu4"},{"binary_name":"libswresample5","binary_version":"7:7.1.1-1ubuntu4"},{"binary_name":"libswscale-dev","binary_version":"7:7.1.1-1ubuntu4"},{"binary_name":"libswscale8","binary_version":"7:7.1.1-1ubuntu4"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-4907.json"}},{"package":{"name":"ffmpeg","ecosystem":"Ubuntu:25.04","purl":"pkg:deb/ubuntu/ffmpeg@7:7.1.1-1ubuntu1.2?arch=source&distro=plucky"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["7:7.0.2-3ubuntu1","7:7.1-3ubuntu1","7:7.1-3ubuntu2","7:7.1-3ubuntu3","7:7.1-4ubuntu1","7:7.1-4ubuntu2","7:7.1.1-1ubuntu1","7:7.1.1-1ubuntu1.1","7:7.1.1-1ubuntu1.2"],"ecosystem_specific":{"binaries":[{"binary_name":"ffmpeg","binary_version":"7:7.1.1-1ubuntu1.2"},{"binary_name":"libavcodec-dev","binary_version":"7:7.1.1-1ubuntu1.2"},{"binary_name":"libavcodec-extra","binary_version":"7:7.1.1-1ubuntu1.2"},{"binary_name":"libavcodec-extra61","binary_version":"7:7.1.1-1ubuntu1.2"},{"binary_name":"libavcodec61","binary_version":"7:7.1.1-1ubuntu1.2"},{"binary_name":"libavdevice-dev","binary_version":"7:7.1.1-1ubuntu1.2"},{"binary_name":"libavdevice61","binary_version":"7:7.1.1-1ubuntu1.2"},{"binary_name":"libavfilter-dev","binary_version":"7:7.1.1-1ubuntu1.2"},{"binary_name":"libavfilter-extra","binary_version":"7:7.1.1-1ubuntu1.2"},{"binary_name":"libavfilter-extra10","binary_version":"7:7.1.1-1ubuntu1.2"},{"binary_name":"libavfilter10","binary_version":"7:7.1.1-1ubuntu1.2"},{"binary_name":"libavformat-dev","binary_version":"7:7.1.1-1ubuntu1.2"},{"binary_name":"libavformat-extra","binary_version":"7:7.1.1-1ubuntu1.2"},{"binary_name":"libavformat-extra61","binary_version":"7:7.1.1-1ubuntu1.2"},{"binary_name":"libavformat61","binary_version":"7:7.1.1-1ubuntu1.2"},{"binary_name":"libavutil-dev","binary_version":"7:7.1.1-1ubuntu1.2"},{"binary_name":"libavutil59","binary_version":"7:7.1.1-1ubuntu1.2"},{"binary_name":"libpostproc-dev","binary_version":"7:7.1.1-1ubuntu1.2"},{"binary_name":"libpostproc58","binary_version":"7:7.1.1-1ubuntu1.2"},{"binary_name":"libswresample-dev","binary_version":"7:7.1.1-1ubuntu1.2"},{"binary_name":"libswresample5","binary_version":"7:7.1.1-1ubuntu1.2"},{"binary_name":"libswscale-dev","binary_version":"7:7.1.1-1ubuntu1.2"},{"binary_name":"libswscale8","binary_version":"7:7.1.1-1ubuntu1.2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-4907.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}