PT-2022-19236 · Unknown · Aviextractor
Kiwan Ko
·
Published
2022-05-03
·
Updated
2022-05-11
·
CVE-2022-28788
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
aviextractor library versions prior to SMR May-2022 Release 1
Description
The issue is related to improper buffer size check logic, which allows for out of bounds read. This can lead to a possible temporary denial of service. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.
Recommendations
For versions prior to SMR May-2022 Release 1, update to SMR May-2022 Release 1 or later to resolve the issue. As a temporary workaround, consider implementing additional buffer size check logic to prevent out of bounds reads.
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Aviextractor