Buffer Over-read

CVE-2022-1534

High

7.1/10

Summary

Buffer Over-read at parse_rawml.c:1416 in GitHub repository bfabiszewski/libmobi prior to 0.11. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-126 - Buffer Over-read

The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

References

Advisory Timeline

Published Apr 29, 2022

Buffer Over-read

CVE-2022-1534

Summary

CWE-126 - Buffer Over-read

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS