Ubuntu.comUB:CVE-2022-1534CVE-2022-1534
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
EPSS
Percentile
17.8%
Buffer Over-read at parse_rawml.c:1416 in GitHub repository
bfabiszewski/libmobi prior to 0.11. The bug causes the program reads data
past the end of the intented buffer. Typically, this can allow attackers to
read sensitive information from other memory locations or cause a crash.
Bugs
References
github.com/bfabiszewski/libmobi/commit/fb1ab50e448ddbed746fd27ae07469bc506d838b (v0.11)
huntr.dev/bounties/9a90ffa1-38f5-4685-9c00-68ba9068ce3d
launchpad.net/bugs/cve/CVE-2022-1534
nvd.nist.gov/vuln/detail/CVE-2022-1534
security-tracker.debian.org/tracker/CVE-2022-1534
www.cve.org/CVERecord?id=CVE-2022-1534
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
EPSS
Percentile
17.8%