CVE-2022-47021

NameCVE-2022-47021
DescriptionA null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows attackers to cause denial of service or other unspecified impacts.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1030049

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
opusfile (PTS)bullseye0.9+20170913-1.1vulnerable
sid, trixie, bookworm0.12-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
opusfilesource(unstable)0.12-41030049

Notes

[bullseye] - opusfile <no-dsa> (Minor issue)
[buster] - opusfile <no-dsa> (Minor issue)
https://github.com/xiph/opusfile/commit/0a4cd796df5b030cb866f3f4a5e41a4b92caddf5
https://github.com/xiph/opusfile/issues/36

Search for package or bug name: Reporting problems