Vulnerability Description
In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Musicpd | Music Player Daemon | < 0.23.8 |
| Linuxfoundation | Automotive Grade Linux | - |
References
- https://gerrit.automotivelinux.org/gerrit/c/src/libqtappfw/+/28484 (Patch)
- https://gerrit.automotivelinux.org/gerrit/c/src/libqtappfw/+/28485 (Patch)
- https://gerrit.automotivelinux.org/gerrit/q/project:src%252Flibqtappfw+status:op (Not Applicable)
- https://jira.automotivelinux.org/browse/SPEC-4661 (Exploit)
FAQ
What is CVE-2022-48363?
CVE-2022-48363 is a vulnerability with a CVSS score of 7.5 (HIGH). In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an ...
How severe is CVE-2022-48363?
CVE-2022-48363 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-48363?
Check the references section above for vendor advisories and patch information. Affected products include: Musicpd Music Player Daemon, Linuxfoundation Automotive Grade Linux.