Vulnerability Details CVE-2022-47021
A null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows attackers to cause denial of service or other unspecified impacts.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 31.4%
CVSS Severity
CVSS v3 Score 7.8
References
- https://github.com/xiph/opusfile/commit/0a4cd796df5b030cb866f3f4a5e41a4b92caddf5
- https://github.com/xiph/opusfile/issues/36
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ODIA6QRIRBNF2HRXOE5VCZ2AFP4ZB4R/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4LIKBLOE433RA44YTYUZLED4IOWJG5DV/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ED4CWLBR2WQ2IXXTHZ24UYZBRNCLMJXH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYPAQANM2ZNPXRBFOS5NFXNJ7O4Q3OBD/
- https://github.com/xiph/opusfile/commit/0a4cd796df5b030cb866f3f4a5e41a4b92caddf5
- https://github.com/xiph/opusfile/issues/36
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ODIA6QRIRBNF2HRXOE5VCZ2AFP4ZB4R/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4LIKBLOE433RA44YTYUZLED4IOWJG5DV/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ED4CWLBR2WQ2IXXTHZ24UYZBRNCLMJXH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYPAQANM2ZNPXRBFOS5NFXNJ7O4Q3OBD/
Products affected by CVE-2022-47021
-
cpe:2.3:a:xiph:opusfile:0.10
-
cpe:2.3:a:xiph:opusfile:0.11
-
cpe:2.3:a:xiph:opusfile:0.12
-
cpe:2.3:a:xiph:opusfile:0.9
-
cpe:2.3:o:fedoraproject:fedora:36
-
cpe:2.3:o:fedoraproject:fedora:37