Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00731
HistoryFeb 14, 2023 - 12:00 a.m.

Intel® Media SDK Advisory

2023-02-1400:00:00
Intel Security Center
www.intel.com
22
intel media sdk
software
security vulnerabilities
denial of service
privilege escalation
update mandatory

0.0004 Low

EPSS

Percentile

9.0%

JSON

Summary:

Potential security vulnerabilities in the Intel® Media Software Development Kit (SDK) may allow denial of service or enable escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2022-34841****

Description: Improper buffer restrictions in the Intel® Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 5.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

CVEID: CVE-2022-27170

Description: Protection mechanism failure in the Intel® Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 5.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

CVEID: CVE-2022-34346

Description: Out-of-bounds read in the Intel® Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 4.8 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

CVEID: CVE-2022-36289

Description: Protection mechanism failure in the Intel® Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 2.8 Low

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

CVEID: CVE-2022-35883

Description: NULL pointer dereference in the Intel® Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 2.2 Low

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L

Affected Products:

Intel® Media SDK software before version 22.2.2.

Recommendation:

Intel recommends updating the Intel® Media SDK software to version 22.2.2 or later.

Updates are available for download at this location:

<https://github.com/Intel-Media-SDK/MediaSDK/releases&gt;

Acknowledgements:

These issues were found externally.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Related

prion 5
nvd 5
cve 5
cvelist 5
prion
prion
Buffer overflow
2023-02-16 21:15:00
Null pointer dereference
2023-02-16 21:15:00
Design/Logic Flaw
2023-02-16 21:15:00
nvd
nvd
CVE-2022-35883
2023-02-16 21:15:13
CVE-2022-34841
2023-02-16 21:15:12
CVE-2022-34346
2023-02-16 21:15:12
cve
cve
CVE-2022-35883
2023-02-16 21:15:13
CVE-2022-36289
2023-02-16 21:15:13
CVE-2022-34346
2023-02-16 21:15:12
cvelist
cvelist
CVE-2022-34841
2023-02-16 20:00:15
CVE-2022-35883
2023-02-16 20:00:18
CVE-2022-34346
2023-02-16 20:00:16

0.0004 Low

EPSS

Percentile

9.0%

JSON
Related for INTEL:INTEL-SA-00731
prion5nvd5cve5cvelist5