PT-2022-19235 · Unknown · Wmfextractor

Kiwan Ko · Published 2022-05-03 · Updated 2022-05-11 · CVE-2022-28787

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: wmfextractor library versions prior to SMR May-2022 Release 1

Description: The issue is caused by improper buffer size check logic in the wmfextractor library, which allows an out-of-bounds read. This can lead to a temporary denial of service. The patch for this issue adds buffer size check logic to prevent the out-of-bounds read.

Recommendations: For versions prior to SMR May-2022 Release 1, update to SMR May-2022 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the wmfextractor library until the patch is applied.

Fix

Out of bounds Read


Weakness Enumeration

Related Identifiers

CVE-2022-28787

Affected Products

Wmfextractor