QwikSec

Security Database

CVE

CWE

Training

CVE-2022-1507

Published: Apr 27, 2022

Modified: Aug 3, 2024

PUBLISHED

CVSS v3.0

5.5

MEDIUM

Description

chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. in GitHub repository hpjansson/chafa prior to 1.10.2. chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file.

Vendor	Product	Versions
hpjansson	hpjansson/chafa	affected `unspecified - < 1.10.2`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

https://huntr.dev/bounties/104d8c5d-cac5-4baa-9ac9-291ea0bcab95

x_refsource_CONFIRM

https://github.com/hpjansson/chafa/commit/e4b777c7b7c144cd16a0ea96108267b1004fe6c9

x_refsource_MISC

FEDORA-2022-e72698d659

vendor-advisory

x_refsource_FEDORA

FEDORA-2022-4bdf35a1b5

vendor-advisory

x_refsource_FEDORA

FEDORA-2022-0aab67e874

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.