Lucene search

GitHub Advisory DatabaseGHSA-JMHJ-VH4Q-HHMQ

HistoryMay 03, 2022 - 3:47 a.m.

tkvideo has a memory issue in playing videos

2022-05-0303:47:34

CWE-400

GitHub Advisory Database

github.com

tkvideo

memory consumption

small files

software

upgrade

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

EPSS

0.001

Percentile

39.2%

JSON

Huge memory consumption even when playing small files. This issue has been patched in 2.0.0. Please upgrade to version 2.0.0 or above.

Affected configurations

Vulners

Node

pythontkvideoplayerRange<2.0.0

VendorProductVersionCPE
pythontkvideoplayer*cpe:2.3:a:python:tkvideoplayer:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
python	tkvideoplayer	*	cpe:2.3:a:python:tkvideoplayer::::::::

References

github.com/advisories/GHSA-jmhj-vh4q-hhmq

github.com/PaulleDemon/tkVideoPlayer/issues/3

github.com/PaulleDemon/tkVideoPlayer/security/advisories/GHSA-jmhj-vh4q-hhmq

github.com/pypa/advisory-database/tree/main/vulns/tkvideoplayer/PYSEC-2022-187.yaml

nvd.nist.gov/vuln/detail/CVE-2022-24902

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

EPSS

0.001

Percentile

39.2%

JSON

Related for GHSA-JMHJ-VH4Q-HHMQ