Integer overflow in MediaTek products - CVE-2022-20107
Published: March 7, 2023
Vulnerability identifier: #VU73080
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-20107
CWE-ID: CWE-190
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
MT9011
MT9215
MT9216
MT9220
MT9221
MT9255
MT9256
MT9266
MT9269
MT9285
MT9286
MT9288
MT9600
MT9602
MT9610
MT9611
MT9612
MT9613
MT9615
MT9617
MT9629
MT9630
MT9631
MT9632
MT9636
MT9638
MT9639
MT9650
MT9652
MT9666
MT9669
MT9670
MT9675
MT9685
MT9686
MT9688
MT9011
MT9215
MT9216
MT9220
MT9221
MT9255
MT9256
MT9266
MT9269
MT9285
MT9286
MT9288
MT9600
MT9602
MT9610
MT9611
MT9612
MT9613
MT9615
MT9617
MT9629
MT9630
MT9631
MT9632
MT9636
MT9638
MT9639
MT9650
MT9652
MT9666
MT9669
MT9670
MT9675
MT9685
MT9686
MT9688
Software vendor:
MediaTek
MediaTek
Description
The vulnerability allows a local privileged application to perform service disruption.
The vulnerability exists due to an integer overflow within subtitle service. A local privileged application can perform service disruption.
Remediation
Install security update from vendor's website.