CVE-2022-1586

CRITICAL Year: 2022
CVSS v3 Score
9.1
Critical
CVSS v2 Score
6.4
Medium
Weakness Type
CWE-125
View all →

Vulnerability Description

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.

Related Vulnerabilities

CVE-2014-1508

CRITICAL
CVSS:9.1(Critical)

The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive ...

CWE-1252014

CVE-2014-3180

CRITICAL
CVSS:9.1(Critical)

In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting comp...

CWE-1252014

CVE-2016-6520

CRITICAL
CVSS:9.1(Critical)

Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology.

CWE-1252016

CVE-2017-0854

CRITICAL
CVSS:9.1(Critical)

An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63873837.

CWE-1252017

CVE-2017-11147

CRITICAL
CVSS:9.1(Critical)

In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due t...

CWE-1252017

CVE-2017-14122

CRITICAL
CVSS:9.1(Critical)

unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp.

CWE-1252017