Vulnerability Details : CVE-2022-1534
Potential exploit
Buffer Over-read at parse_rawml.c:1416 in GitHub repository bfabiszewski/libmobi prior to 0.11. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.
Products affected by CVE-2022-1534
- cpe:2.3:a:libmobi_project:libmobi:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-1534
0.13%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 33 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-1534
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
3.6
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:P |
3.9
|
4.9
|
NIST | |
|
6.6
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H |
1.8
|
4.7
|
huntr.dev | |
|
7.1
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
1.8
|
5.2
|
NIST |
CWE ids for CVE-2022-1534
-
The product reads data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
-
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.Assigned by: security@huntr.dev (Secondary)
References for CVE-2022-1534
-
https://huntr.dev/bounties/9a90ffa1-38f5-4685-9c00-68ba9068ce3d
Buffer Over-read at parse_rawml.c:1416 vulnerability found in libmobiExploit;Issue Tracking;Patch;Third Party Advisory
-
https://github.com/bfabiszewski/libmobi/commit/fb1ab50e448ddbed746fd27ae07469bc506d838b
Fix array boundary check when parsing inflections which could result … · bfabiszewski/libmobi@fb1ab50 · GitHubPatch;Third Party Advisory
Jump to