CVE Vulnerabilities

CVE-2022-28048

Incorrect Calculation

Published: Apr 15, 2022 | Modified: May 10, 2022
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
7.3 MODERATE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Ubuntu

STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac.

Weakness

The software performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

Affected Software

Name Vendor Start Version End Version
Stb Stb_project 2.27 2.27
Libstb Ubuntu trusty *
Libstb Ubuntu xenial *

Potential Mitigations

  • Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
  • Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
  • Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
  • Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).

References