Lucene search

K

MitreCVELIST:CVE-2022-24599

HistoryFeb 22, 2022 - 12:00 a.m.

CVE-2022-24599

2022-02-2200:00:00

mitre

www.cve.org

2

6.4 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.2%

In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn’t use zero bytes to truncate the data.

References

github.com/mpruett/audiofile/issues/60

lists.debian.org/debian-lts-announce/2023/11/msg00006.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4JXZ6QAMA3TSRY6GUZRY3WTHR7P5TPH/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTETOUJNRR75REYJZTBGF6TAJZYTMXUY/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZPG27YKICLIWUFOPVUOAFAZGOX4BNHY/

6.4 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.2%

Related for CVELIST:CVE-2022-24599

ubuntucve1 openvas7 redhatcve1 fedora3 prion1 nessus9 osv3 nvd1 cve1 mageia1 amazon1 debiancve1 debian1 cloudfoundry1 ubuntu1