CVE-2022-1507 — NULL Pointer Dereference in Chafa

CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 45.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hpjansson Chafa Chafa Project Chafa Debian Chafa +1 more

Timeline

PublishedApr 27

Latest updateApr 28

Description

chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. in GitHub repository hpjansson/chafa prior to 1.10.2. chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5hpjansson/hpjansson_chafaunspecified — 1.10.2

▶debiandebian/chafa< chafa 1.10.2-1 (bookworm)

▶NVDchafa_project/chafa< 1.10.2

▶Debianchafa_project/chafa< 1.10.2-1+2

Also affects: Fedora 34, 35, 36

Patches

Patch: github.com ↗Patch: huntr.dev ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-p7m9-59wp-jx9r: chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif↗2022-04-28

▶

OSV

CVE-2022-1507: chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif↗2022-04-27

▶

📋Vendor Advisories

Debian

CVE-2022-1507: chafa - chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgi...↗2022

▶