First Last Prev Next    This bug is not in your last search results.
Bug 1207381 - (CVE-2022-47021) VUL-0: CVE-2022-47021: opusfile: Null pointer dereference issue allows attackers to cause denial of service
(CVE-2022-47021)
VUL-0: CVE-2022-47021: opusfile: Null pointer dereference issue allows attack...
Status: NEW
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Leap 15.5
Other Other
: P3 - Medium : Normal (vote)
: ---
Assigned To: Michael Gorse
Security Team bot
https://smash.suse.de/issue/354445/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2023-01-23 08:13 UTC by Hu
Modified: 2023-03-15 21:05 UTC (History)
0 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Hu 2023-01-23 08:13:55 UTC 
CVE-2022-47021

A null pointer dereference issue was discovered in functions op_get_data and
op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows attackers to cause
denial of service or other unspecified impacts.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47021
https://www.cve.org/CVERecord?id=CVE-2022-47021
https://github.com/xiph/opusfile/commit/0a4cd796df5b030cb866f3f4a5e41a4b92caddf5
https://github.com/xiph/opusfile/issues/36
Comment 1 Hu 2023-01-23 08:14:30 UTC 
Affected:
- openSUSE:Backports:SLE-15-SP3/opusfile  0.10
- openSUSE:Backports:SLE-15-SP4/opusfile  0.12
- openSUSE:Factory/opusfile               0.12
Comment 3 OBSbugzilla Bot 2023-03-15 21:05:02 UTC 
This is an autogenerated message for OBS integration:
This bug (1207381) was mentioned in
https://build.opensuse.org/request/show/1072189 Backports:SLE-15-SP4 / opusfile
First Last Prev Next    This bug is not in your last search results.