Home > Vulnerability Database > CVE-2022-4643

Mend.io Vulnerability Database

CVE-2022-4643

Good to know:

Date: December 21, 2022

A vulnerability was found in docconv up to 1.2.0. It has been declared as critical. This vulnerability affects the function ConvertPDFImages of the file pdf_ocr.go. The manipulation of the argument path leads to os command injection. The attack can be initiated remotely. Upgrading to version 1.2.1 is able to address this issue. The name of the patch is b19021ade3d0b71c89d35cb00eb9e589a121faa5. It is recommended to upgrade the affected component. VDB-216502 is the identifier assigned to this vulnerability.

Language: Go

Severity Score

9.8

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-4643

Url: https://vuldb.com/?id.216502

Url: https://github.com/sajari/docconv/releases/tag/v1.2.1

Url: https://github.com/sajari/docconv/releases/tag/v1.3.5

Url: https://github.com/sajari/docconv/pull/110

Url: https://github.com/sajari/docconv/commit/b19021ade3d0b71c89d35cb00eb9e589a121faa5

Url: https://www.mend.io/vulnerability-database/CVE-2022-4643

Severity Score

9.8

Weakness Type (CWE)

Improper Enforcement of Message or Data Structure

CWE-707

Injection

CWE-74

OS Command Injections

CWE-78

Top Fix

Upgrade Version

Upgrade to version v1.2.1

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-4643

Good to know:

Date: December 21, 2022

Language: Go

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?