Home > Vulnerability Database > CVE-2022-4741

Mend.io Vulnerability Database

CVE-2022-4741

Good to know:

Date: December 25, 2022

A vulnerability was found in docconv up to 1.2.0 and classified as problematic. This issue affects the function ConvertDocx/ConvertODT/ConvertPages/ConvertXML/XMLToText. The manipulation leads to uncontrolled memory allocation. The attack may be initiated remotely. Upgrading to version 1.2.1 is able to address this issue. The name of the patch is 42bcff666855ab978e67a9041d0cdea552f20301. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216779.

Language: Go

Severity Score

6.5

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-4741

Url: https://vuldb.com/?ctiid.216779

Url: https://github.com/sajari/docconv/releases/tag/v1.2.1

Url: https://vuldb.com/?id.216779

Url: https://github.com/sajari/docconv/commit/42bcff666855ab978e67a9041d0cdea552f20301

Url: https://github.com/sajari/docconv/pull/111

Url: https://www.mend.io/vulnerability-database/CVE-2022-4741

Severity Score

6.5

Weakness Type (CWE)

Memory Allocation with Excessive Size Value

CWE-789

Top Fix

Upgrade Version

Upgrade to version v1.2.1

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-4741

Good to know:

Date: December 25, 2022

Language: Go

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?