In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer.
References
Configurations
History
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-617 |
07 Mar 2023, 22:50
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://jira.automotivelinux.org/browse/SPEC-4661 - Exploit | |
References | (MISC) https://gerrit.automotivelinux.org/gerrit/c/src/libqtappfw/+/28484 - Patch | |
References | (MISC) https://gerrit.automotivelinux.org/gerrit/c/src/libqtappfw/+/28485 - Patch | |
References | (MISC) https://gerrit.automotivelinux.org/gerrit/q/project:src%252Flibqtappfw+status:open - Not Applicable | |
CPE | cpe:2.3:a:linuxfoundation:automotive_grade_linux:*:*:*:*:*:*:*:* | |
CWE | CWE-476 | |
First Time |
Linuxfoundation
Linuxfoundation automotive Grade Linux |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
26 Feb 2023, 23:50
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-26 23:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-48363
Mitre link : CVE-2022-48363
CVE.ORG link : CVE-2022-48363
JSON object : View
Products Affected
linuxfoundation
- automotive_grade_linux
CWE
CWE-617
Reachable Assertion