CVE-2022-47021

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions xiph opusfile versions 0.9 through 0.12

Description A null pointer dereference issue was discovered in functions op get data and op open1 in opusfile.c. This issue may allow attackers to cause a denial of service or other unspecified impacts. The vulnerability is related to the opusfile library, a stream decoder for the opus format.

Recommendations For versions 0.9 through 0.12, consider disabling the op get data and op open1 functions in opusfile.c as a temporary workaround to minimize the risk of exploitation. Restrict access to the vulnerable opusfile.c module to prevent potential attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2020-3228

BDU:2023-00624

CVE-2022-47021

MGASA-2023-0042

OESA-2023-1062

OPENSUSE-SU-2024:0013-1

OPENSUSE-SU-2024:12799-1

ROSA-SA-2025-2616

USN-5937-1

Affected Products

Alt Linux

Astra Linux

Debian

Linuxmint

Red Os

Ubuntu

Opusfile

CVE-2022-47021

Weakness Enumeration

Related Identifiers

Affected Products

References · 35