CVE-2022-3515 - Remote Code Execution (RCE)
Severity: none
2023-11-06
Abstract
A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.
The Oxygen products incorporate Libksba as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.
Affected Products/Versions
Product | Severity | Fixed Release Availability |
Oxygen Content Fusion v5.0.1 and older | None | Oxygen Content Fusion 6.0 build 2023110109 |
Detail
CVE-2022-3515
Severity: Critical
CVSS Score: 9.8
The version of the Libksba third-party library used by Oxygen XML products is one of the affected versions mentioned in the CVE-2022-3515 vulnerability description. However, since Oxygen products do not use the Libksba library at runtime, this vulnerability does not affect Oxygen products, and the library will be removed in future versions.
Starting with Oxygen Content Fusion v6.0 build 2023110109, the Libksba library was removed.