CVE-2022-48363

Source
https://cve.org/CVERecord?id=CVE-2022-48363
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48363.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-48363
Published
2023-02-26T00:00:00Z
Modified
2026-07-08T06:03:25.465297641Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer.

Database specific
{
    "cna_assigner": "mitre",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "fixed": "0.23.8"
                }
            ],
            "source": "DESCRIPTION"
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48363.json"
}
References

Affected packages

Git / github.com/musicplayerdaemon/mpd

Affected ranges

Type
GIT
Repo
https://github.com/musicplayerdaemon/mpd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.23.8"
        }
    ],
    "cpe": "cpe:2.3:a:musicpd:music_player_daemon:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE"
}

Affected versions

v0.*
v0.14
v0.14_alpha1
v0.14_alpha2
v0.14_alpha3
v0.14_beta1
v0.14_beta2
v0.14_beta3
v0.15
v0.15_alpha1
v0.15_beta1
v0.15_beta2
v0.16
v0.16_alpha1
v0.16_alpha2
v0.16_alpha3
v0.17
v0.18
v0.18.1
v0.18.2
v0.18.3
v0.18.4
v0.19
v0.19.1
v0.20
v0.20.1
v0.20.2
v0.20.3
v0.21
v0.21.1
v0.21.2
v0.21.3
v0.21.4
v0.21.5
v0.22
v0.23
v0.23.1
v0.23.2
v0.23.3
v0.23.4
v0.23.5
v0.23.6
v0.23.7

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48363.json"