CVE-2024-22653
Public on 2025-05-29
Modified on 2025-06-02
Description
yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasm_section_bcs_append function at section.c.
The issue appears to be introduced in commit 9defefae9fbcb6958cddbfa778c1ea8605da8b8b. However, since this commit is not included in any of the Amazon Linux distributions we ship, we are not affected.
The issue appears to be introduced in commit 9defefae9fbcb6958cddbfa778c1ea8605da8b8b. However, since this commit is not included in any of the Amazon Linux distributions we ship, we are not affected.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | yasm | No Fix Planned | ||
| Amazon Linux 2 - Graphicsmagick1.3 Extra | yasm | Not Affected | ||
| Amazon Linux 2023 | yasm | Not Affected |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 4.8 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N |
| NVD | CVSSv3 | 4.8 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N |