A vulnerability was found in docconv up to 1.2.0 and classified as problematic. This issue affects the function ConvertDocx/ConvertODT/ConvertPages/ConvertXML/XMLToText. The manipulation leads to uncontrolled memory allocation. The attack may be initiated remotely. Upgrading to version 1.2.1 is able to address this issue. The name of the patch is 42bcff666855ab978e67a9041d0cdea552f20301. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216779.
References
Link | Resource |
---|---|
https://github.com/sajari/docconv/commit/42bcff666855ab978e67a9041d0cdea552f20301 | Patch Third Party Advisory |
https://github.com/sajari/docconv/pull/111 | Patch Third Party Advisory |
https://github.com/sajari/docconv/releases/tag/v1.2.1 | Release Notes Third Party Advisory |
https://vuldb.com/?ctiid.216779 | Third Party Advisory |
https://vuldb.com/?id.216779 | Third Party Advisory |
Configurations
History
05 Jan 2023, 02:26
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://vuldb.com/?id.216779 - Third Party Advisory | |
References | (MISC) https://vuldb.com/?ctiid.216779 - Third Party Advisory | |
References | (MISC) https://github.com/sajari/docconv/releases/tag/v1.2.1 - Release Notes, Third Party Advisory | |
References | (MISC) https://github.com/sajari/docconv/commit/42bcff666855ab978e67a9041d0cdea552f20301 - Patch, Third Party Advisory | |
References | (MISC) https://github.com/sajari/docconv/pull/111 - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:search:docconv:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
First Time |
Search docconv
Search |
25 Dec 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-25 20:15
Updated : 2024-04-11 01:17
NVD link : CVE-2022-4741
Mitre link : CVE-2022-4741
CVE.ORG link : CVE-2022-4741
JSON object : View
Products Affected
search
- docconv
CWE
CWE-789
Memory Allocation with Excessive Size Value