PT-2022-18487 · Libsimba · Libsimba
Dawuge
·
Published
2022-04-11
·
Updated
2022-04-18
·
CVE-2022-27567
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
libsimba library versions prior to SMR Apr-2022 Release 1
Description
The issue is related to a null pointer dereference vulnerability in the
parser hvcC function of the libsimba library. This vulnerability allows remote attackers to perform an out of bounds write.Recommendations
For versions prior to SMR Apr-2022 Release 1, update to the SMR Apr-2022 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the
parser hvcC function until a patch is available.Fix
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Libsimba