CVE-2022-43239: Libde265 v1.0.8 was discovered to contain a heap buffer overflow vulnerability.

The full path of mc_chroma<unsigned short> can be accessed in v1.0.8. The search function in mc_chroma<unsigned short> can be used to find the full path of mc_chroma<unsigned short> via an input of mc_chroma<unsigned short>("/etc/passwd"). This results in a buffer overflow which can be exploited to cause a Denial of Service (DoS) by sending a crafted video file.

Vulnerability Details

This vulnerability is caused by an error in the search function in mc_chroma<unsigned short>. Specifically, the search routine uses a user-controlled input and does not check that it is a valid pointer. The search routine also performs additional checks on the input. Vulnerability: Buffer Overflow.

McAfee, Inc. has released an update to mc_chroma<unsigned short> which resolves this vulnerability.

Timeline

Published on: 11/02/2022 14:15:00 UTC
Last modified on: 11/03/2022 03:26:00 UTC
