CVE-2022-22820

{"id": "CVE-2022-22820", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2022-01-20T12:15:08.727", "references": [{"url": "https://hackerone.com/reports/1357400", "tags": ["Permissions Required"], "source": "dl_cve@linecorp.com"}, {"url": "https://hackerone.com/reports/1357400", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Due to the lack of media file checks before rendering, it was possible for an attacker to cause abnormal CPU consumption for message recipient by sending specially crafted gif image in LINE for Windows before 7.4."}, {"lang": "es", "value": "Debido a una falta de comprobaciones de archivos multimedia antes de la renderizaci\u00f3n, era posible que un atacante causara un consumo anormal de CPU para el destinatario del mensaje mediante el env\u00edo de una imagen gif especialmente dise\u00f1ada en LINE para Windows versiones anteriores a 7.4"}], "lastModified": "2024-11-21T06:47:31.007", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:linecorp:line:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "61717960-C6DB-4540-9202-E2C541770836", "versionEndExcluding": "7.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "dl_cve@linecorp.com"}