CVE-2023-23082

Summary

CVE	CVE-2023-23082
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-02-03 22:15:00 UTC
Updated	2024-01-23 07:15:00 UTC
Description	A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument.

Risk And Classification

Problem Types: CWE-787

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Kodi	Kodi	All	All	All	All

References

Reference	Source	Link	Tags
Merge pull request #22380 from fritsch/at25 · xbmc/xbmc@8c2aafb · GitHub	MISC	github.com
ExifParse: Don't run outside exif information · fritsch/xbmc@367cc80 · GitHub	MISC	github.com
ExifParser: Fix several out of bounds accesses while parsing exif information by fritsch · Pull Request #22380 · xbmc/xbmc · GitHub	MISC	github.com
kodi image exif parse bug · Issue #22377 · xbmc/xbmc · GitHub	MISC	github.com
ExifParse: Backport further upstream fixes · fritsch/xbmc@54df944 · GitHub	MISC	github.com
ExifParser: Fix several out of bounds accesses while parsing exif information by fritsch · Pull Request #22380 · xbmc/xbmc · GitHub	MISC	github.com
[SECURITY] [DLA 3712-1] kodi security update		lists.debian.org
ExifParser: Fix several out of bounds accesses while parsing exif information by fritsch · Pull Request #22380 · xbmc/xbmc · GitHub	MISC	github.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

184814 Debian Security Update for kodi (CVE-2023-23082)
6000437 Debian Security Update for kodi (DLA 3712-1)