Search for vulnerabilities
Vulnerability details: VCID-a6h3-1emt-aaaq
Vulnerability ID VCID-a6h3-1emt-aaaq
Aliases CVE-2022-1122
Summary A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.
Status Published
Exploitability 0.5
Weighted Severity 5.0
Risk 2.5
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-824 Access of Uninitialized Pointer
CWE-665 Improper Initialization
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 5.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1122.json
epss 0.00038 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00038 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00038 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00038 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00038 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00038 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00038 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00038 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00038 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00038 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00038 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00038 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00038 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00038 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00038 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00038 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00048 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00048 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00048 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00048 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00048 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00048 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00048 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00048 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00048 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00048 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00115 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00122 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00122 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00122 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00122 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
epss 0.00187 https://api.first.org/data/v1/epss?cve=CVE-2022-1122
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=2067052
cvssv3.1 5.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-1122
cvssv3 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1122
cvssv3.1 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-1122
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1122.json
https://api.first.org/data/v1/epss?cve=CVE-2022-1122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1122
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/uclouvain/openjpeg/issues/1368
https://github.com/uclouvain/openjpeg/pull/1369
https://lists.debian.org/debian-lts-announce/2022/04/msg00006.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MIWSQFQWXDU4MT3XTVAO6HC7TVL3NHS7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMKBAMK2CAM5TMC5TODKVCE5AAPTD5YV/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROSN5NRUFOH7HGLJ4ZSKPGAKLFXJALW4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MIWSQFQWXDU4MT3XTVAO6HC7TVL3NHS7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RMKBAMK2CAM5TMC5TODKVCE5AAPTD5YV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROSN5NRUFOH7HGLJ4ZSKPGAKLFXJALW4/
https://security.gentoo.org/glsa/202209-04
2067052 https://bugzilla.redhat.com/show_bug.cgi?id=2067052
cpe:2.3:a:uclouvain:openjpeg:2.4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:uclouvain:openjpeg:2.4.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
CVE-2022-1122 https://nvd.nist.gov/vuln/detail/CVE-2022-1122
RHSA-2022:7645 https://access.redhat.com/errata/RHSA-2022:7645
RHSA-2022:8207 https://access.redhat.com/errata/RHSA-2022:8207
USN-7083-1 https://usn.ubuntu.com/7083-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1122.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2022-1122
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-1122
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-1122
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.08188
EPSS Score 0.00038
Published At April 3, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.