Memory Allocation with Excessive Size Value

CVE-2022-4741

Medium

6.5/10

Summary

A vulnerability was found in docconv prior to 1.2.1 and classified as problematic. This issue affects the function "ConvertDocx/ConvertODT/ConvertPages/XMLToMap/XMLToText". The manipulation leads to uncontrolled memory allocation. The attack may be initiated remotely. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216779.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-789 - Memory Allocation with Excessive Size Value

The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

References

Advisory
Advisory
Pull request
Release Note

Advisory Timeline

Published Dec 25, 2022

Memory Allocation with Excessive Size Value

CVE-2022-4741

Summary

CWE-789 - Memory Allocation with Excessive Size Value

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS