PT-2022-18613 · Unknown · Libsapeextractor
Kiwan Ko
·
Published
2022-04-11
·
Updated
2022-04-18
·
CVE-2022-27825
CVSS v3.1
7.1
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
libsapeextractor library versions prior to SMR Apr-2022 Release 1
Description
The issue is related to an improper size check in the
sapefd parse meta HEADER function, which allows for an out of bounds read. This can be triggered by a crafted media file.Recommendations
For versions prior to SMR Apr-2022 Release 1, update to SMR Apr-2022 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the
sapefd parse meta HEADER function until a patch is available. Avoid using the libsapeextractor library with untrusted media files until the issue is resolved.Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Libsapeextractor