In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer.
References
Configurations
History
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-617 |
07 Mar 2023, 22:50
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:linuxfoundation:automotive_grade_linux:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | CWE-476 | |
References | (MISC) https://gerrit.automotivelinux.org/gerrit/c/src/libqtappfw/+/28485 - Patch | |
References | (MISC) https://gerrit.automotivelinux.org/gerrit/q/project:src%252Flibqtappfw+status:open - Not Applicable | |
References | (MISC) https://jira.automotivelinux.org/browse/SPEC-4661 - Exploit | |
References | (MISC) https://gerrit.automotivelinux.org/gerrit/c/src/libqtappfw/+/28484 - Patch |
26 Feb 2023, 23:50
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-26 23:15
Updated : 2024-02-04 23:14
NVD link : CVE-2022-48363
Mitre link : CVE-2022-48363
CVE.ORG link : CVE-2022-48363
JSON object : View
Products Affected
linuxfoundation
- automotive_grade_linux
CWE
CWE-617
Reachable Assertion