Upgrade Amazon-Linux:2 kernel to version 0:4.14.192-147.314.amzn2 or higher. This issue was patched in ALAS2-2020-1480 .

Integer Overflow or Wraparound The advisory has been revoked - it doesn't affect any version of package compat-libcogl12 (opens in a new tab)

Threat Intelligence

0.24% (62^nd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-RHEL7-COMPATLIBCOGL12-2773668
published21 Apr 2022
disclosed17 Feb 2022

Report a new vulnerability Found a mistake?

Introduced: 17 Feb 2022

CVE-2022-28041 (opens in a new tab) CWE-190 (opens in a new tab)

Amendment

The Red Hat security team deemed this advisory irrelevant for RHEL:7.

NVD Description

Note: Versions mentioned in the description apply only to the upstream compat-libcogl12 package and not the compat-libcogl12 package as distributed by RHEL.

stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.