Vulnerabilities > CVE-2022-48363 - Reachable Assertion vulnerability in Linuxfoundation Automotive Grade Linux
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
References
- https://gerrit.automotivelinux.org/gerrit/c/src/libqtappfw/+/28484
- https://gerrit.automotivelinux.org/gerrit/c/src/libqtappfw/+/28484
- https://gerrit.automotivelinux.org/gerrit/c/src/libqtappfw/+/28485
- https://gerrit.automotivelinux.org/gerrit/c/src/libqtappfw/+/28485
- https://gerrit.automotivelinux.org/gerrit/q/project:src%252Flibqtappfw+status:open
- https://gerrit.automotivelinux.org/gerrit/q/project:src%252Flibqtappfw+status:open
- https://jira.automotivelinux.org/browse/SPEC-4661
- https://jira.automotivelinux.org/browse/SPEC-4661