{"vulnerability": "cve-2022-2566", "sightings": [{"uuid": "1b8c9911-2a3e-4ab1-b596-5d0573bed0c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25664", "type": "published-proof-of-concept", "source": "https://t.me/cKure/10714", "content": "CVE-2022-25664, a vulnerability in the Qualcomm Adreno GPU, can be used to leak large amounts of information to a malicious Android application. Learn more about how the vulnerability can be used to leak information in both the user space and kernel space level of pages, and how the GitHub Security Lab used the kernel space information leak to construct a KASLR bypass. \n\nhttps://github.blog/2023-02-23-the-code-that-wasnt-there-reading-memory-on-an-android-device-by-accident/", "creation_timestamp": "2023-02-26T06:24:14.000000Z"}, {"uuid": "5c58123e-4b69-4aa4-a862-cac24793a15a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25664", "type": "published-proof-of-concept", "source": "https://t.me/ckuRED/248", "content": "CVE-2022-25664, a vulnerability in the Qualcomm Adreno GPU, can be used to leak large amounts of information to a malicious Android application. Learn more about how the vulnerability can be used to leak information in both the user space and kernel space level of pages, and how the GitHub Security Lab used the kernel space information leak to construct a KASLR bypass. \n\nhttps://github.blog/2023-02-23-the-code-that-wasnt-there-reading-memory-on-an-android-device-by-accident/", "creation_timestamp": "2023-02-26T06:24:04.000000Z"}, {"uuid": "e76fc26f-eb73-4f1e-96f9-68c5e36c3c2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25664", "type": "published-proof-of-concept", "source": "Telegram/wPgYmDiNxERVBLJwmmVInGZ5iDsP1DltksnUstHaveC5K0c", "content": "", "creation_timestamp": "2023-02-24T06:29:35.000000Z"}, {"uuid": "a1b093cd-d35b-4c70-87fa-a5d7a7a9c6e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2566", "type": "seen", "source": "https://t.me/cibsecurity/50313", "content": "\u203c CVE-2022-2566 \u203c\n\nA heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc(). An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-23T16:13:23.000000Z"}, {"uuid": "ec3bb036-dde8-4188-82c1-d21017391ab0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25663", "type": "seen", "source": "https://t.me/cibsecurity/51757", "content": "\u203c CVE-2022-25663 \u203c\n\nPossible buffer overflow due to lack of buffer length check during management frame Rx handling lead to denial of service in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-19T14:15:12.000000Z"}, {"uuid": "b35669b8-8b05-4c2e-b717-85de26910c5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25661", "type": "seen", "source": "https://t.me/cibsecurity/51755", "content": "\u203c CVE-2022-25661 \u203c\n\nMemory corruption due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-19T14:15:10.000000Z"}, {"uuid": "3046973c-a3a6-4e2f-b2c1-2a94cccd8653", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25660", "type": "seen", "source": "https://t.me/cibsecurity/51754", "content": "\u203c CVE-2022-25660 \u203c\n\nMemory corruption due to double free issue in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-19T14:15:08.000000Z"}, {"uuid": "065f5fb4-9631-4ee6-8947-bf98ac98d015", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25662", "type": "seen", "source": "https://t.me/cibsecurity/51752", "content": "\u203c CVE-2022-25662 \u203c\n\nInformation disclosure due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-19T14:15:05.000000Z"}, {"uuid": "1a917858-c31f-4bb2-9fd5-027161285abb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2566", "type": "published-proof-of-concept", "source": "Telegram/FS_aGd7NPqhAUoD6QQ6poWCZk70gALF5OHUbODb75o1lvL0", "content": "", "creation_timestamp": "2022-10-13T10:23:04.000000Z"}, {"uuid": "798e79da-0fb3-48f1-9e23-8c35d43b4ed1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2566", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/540", "content": "CVE-2022-2566 : FFmpeg < 5.1 - Heap Out-Of-Bounds Write in build_open_gop_key_points -> Rce\nPOC : https://github.com/google/security-research/security/advisories/GHSA-vhxg-9wfx-7fcj", "creation_timestamp": "2022-10-07T10:30:05.000000Z"}, {"uuid": "3013daf9-da69-4b2e-ae36-2c9a330811c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25664", "type": "seen", "source": "https://t.me/MrVGunz/718", "content": "CVE-2022-25664 : Reading memory on an Android device by accident\nhttps://github.blog/2023-02-23-the-code-that-wasnt-there-reading-memory-on-an-android-device-by-accident/", "creation_timestamp": "2023-02-28T18:30:00.000000Z"}, {"uuid": "dee1a352-53a8-454d-862b-2cbdd995cbb1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25669", "type": "seen", "source": "https://t.me/cibsecurity/49873", "content": "\u203c CVE-2022-25669 \u203c\n\nDenial of service in video due to buffer over read while parsing MP4 clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-16T12:42:01.000000Z"}, {"uuid": "63e0f41f-9059-4eb4-810c-0abf6d392334", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25668", "type": "seen", "source": "https://t.me/cibsecurity/49229", "content": "\u203c CVE-2022-25668 \u203c\n\nMemory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-02T16:39:16.000000Z"}, {"uuid": "3ce7989a-ad9e-44eb-9809-fa2d17e72499", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25666", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15753", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-25666\n\ud83d\udd25 CVSS Score: 6.7 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Memory corruption due to use after free in service while trying to access maps by different threads in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking\n\ud83d\udccf Published: 2022-10-19T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-09T14:49:35.474Z\n\ud83d\udd17 References:\n1. https://www.qualcomm.com/company/product-security/bulletins/october-2022-bulletin", "creation_timestamp": "2025-05-09T15:25:45.000000Z"}, {"uuid": "12dbbc3c-0626-4940-9ab0-66dbc784cab6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25664", "type": "published-proof-of-concept", "source": "Telegram/qh6a8iTNEQsIE0clp8wGnoQBR1wanvuQImFvBx2w5KBFyZ0", "content": "", "creation_timestamp": "2023-02-26T12:28:03.000000Z"}, {"uuid": "3b2634c0-0f26-4b69-8f19-5107bef81da2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25664", "type": "seen", "source": "https://t.me/cibsecurity/51766", "content": "\u203c CVE-2022-25664 \u203c\n\nInformation disclosure due to exposure of information while GPU reads the data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-19T14:15:24.000000Z"}, {"uuid": "0e92d70b-f47a-4b08-a0af-53f5527ad5cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25664", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/7812", "content": "#exploit\n1. CVE-2022-25664:\nReading memory on an Android device by accident\nhttps://github.blog/2023-02-23-the-code-that-wasnt-there-reading-memory-on-an-android-device-by-accident\n\n2. CVE-2023-22974:\nOpenEMR <7.0.0 - Arbitrary File Read\nhttps://github.com/gbrsh/CVE-2023-22974", "creation_timestamp": "2023-02-24T15:12:17.000000Z"}, {"uuid": "43867a58-3f35-413d-add2-942eb28238d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2566", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6887", "content": "#exploit\n1. 0-Day RCE on Microsoft Exchange Server\nhttps://gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html\n\n2. CVE-2022-36934:\nInteger overflow in WhatsApp leading to RCE in an established\nhttps://infosecwriteups.com/cve-2022-36934-an-integer-overflow-in-whatsapp-leading-to-remote-code-execution-in-an-established-e0fc4e2cd900\n\n3. CVE-2022-2566:\nFFmpeg - Heap Out-Of-Bounds Write in build_open_gop_key_points\nhttps://github.com/google/security-research/security/advisories/GHSA-vhxg-9wfx-7fcj", "creation_timestamp": "2022-09-30T11:00:26.000000Z"}]}