CVE-2022-2122

HIGH Year: 2022
CVSS v3 Score
7.8
High
Weakness Type
CWE-122
View all →

Vulnerability Description

DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite.

Related Vulnerabilities

CVE-2016-8654

HIGH
CVSS:7.8(High)

A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.

CWE-1222016

CVE-2017-16737

HIGH
CVSS:7.8(High)

An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. A specially-crafted malicious file may be able to cause a heap-based buffer overflow vulnerability when opened by ...

CWE-1222017

CVE-2018-8833

HIGH
CVSS:7.8(High)

Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution.

CWE-1222018

CVE-2018-8834

HIGH
CVSS:7.8(High)

Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer ver...

CWE-1222018

CVE-2019-10951

HIGH
CVSS:7.8(High)

Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files,...

CWE-1222019

CVE-2019-10982

HIGH
CVSS:7.8(High)

Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an atta...

CWE-1222019