{"id":"CVE-2022-1304","details":"An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.","modified":"2026-05-28T04:07:48.700110485Z","published":"2022-04-14T20:05:47Z","related":["ALSA-2022:7720","ALSA-2022:8361","SUSE-SU-2022:1652-1","SUSE-SU-2022:1688-1","SUSE-SU-2022:1695-1","SUSE-SU-2022:1718-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/1xxx/CVE-2022-1304.json","cwe_ids":["CWE-125"],"cna_assigner":"redhat","unresolved_ranges":[{"extracted_events":[{"last_affected":"e2fsprogs 1.46.5"}],"source":"AFFECTED_FIELD"}]},"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/10/msg00001.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/1xxx/CVE-2022-1304.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1304"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20241122-0010/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2069726"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tytso/e2fsprogs","events":[{"introduced":"0"},{"last_affected":"704b18b9ed66f87e070260787973fe85a470ec1d"}],"database_specific":{"source":"CPE_STRING","cpe":"cpe:2.3:a:e2fsprogs_project:e2fsprogs:1.46.5:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"1.46.5"}]}}],"versions":["v1.46.5","v1.46.4","v1.46.3","v1.46.2","v1.46.1","v1.46.0","v1.45.3","v1.45.2","v1.45.1","v1.45.1-rc1","v1.45.0","v1.44.3","debian/1.44.3-1","v1.44.3-rc2","v1.44.3-rc1","v1.44.2","v1.44.1","v1.44.0","v1.44.0-rc2","v1.44.0-rc1","v1.43.4","1.43.4","v1.43.3","v1.43.2","v1.43.1","v1.43","1.43","v1.43-WIP-2016-05-12","v1.43-WIP-2016-03-15","v1.43-WIP-2015-05-18","v1.42.5","v1.43-WIP-2012-09-22","v1.42.4","v1.42.3","v1.42.2","v1.42.1","v1.42","v1.42-WIP-1120","v1.42-WIP-1016","v1.42-WIP-1009","v1.42-WIP-1005","v1.42-WIP-1001","v1.42-WIP-0925","v1.42-WIP-0916","v1.42-WIP-0702","v1.41.7","v1.41.6","v1.41.5","v1.41.4","v1.41.3","v1.41.2","v1.41.1","v1.41.0","v1.41-WIP-0707","v1.41-WIP-0617","v1.41-WIP-0427","v1.40.2","v1.40.1","v1.40","E2FSPROGS-1_40","E2FSPROGS-1_40-WIP-1114","E2FSPROGS-1_39","E2FSPROGS-1.39-WIP-0409","E2FSPROGS-1.39-WIP-0330","E2FSPROGS-1.39-WIP-1231","E2FSPROGS-1.39-WIP-1210","E2FSPROGS-1_38","E2FSPROGS-1_38-WIP-0620","E2FSPROGS-1_38-WIP-0509","E2FSPROGS-1_37","E2FSPROGS-1_36","APPLE_UUID_SNAP_1","E2FSPROGS-1_35","E2FSPROGS-1_35-WIP-0131","E2FSPROGS-1_35-WIP-1207","E2FSPROGS-1_35-WIP-0821","E2FSPROGS-1_35-WIP-0801","E2FSPROGS-1_34","E2FSPROGS-1_34-WIP-0521","E2FSPROGS-1_33","E2FSPROGS-1_33-WIP-0414","E2FSPROGS-1_33-WIP-0330","E2FSPROGS-1_33-WIP-0325","E2FSPROGS-1_33-WIP-0316","E2FSPROGS-1_33-WIP-0314","E2FSPROGS-1_33-WIP-0306","E2FSPROGS-1_32","E2FSPROGS-1_31","E2FSPROGS-1_30","E2FSPROGS-1.30-WIP-0930","E2FSPROGS-1_29","E2FSPROGS-1_28","E2FSPROGS-1.28-WIP-0817","E2FSPROGS-1.28-WIP-0626","E2FSPROGS-1_27","E2FSPROGS-1.27-WIP-0305","E2FSPROGS-1_26","E2FSPROGS-1_26-WIP-1224","WIP-20011130","E2FSPROGS-1.25","E2FSPROGS-1_24a","E2FSPROGS-1_24","E2FSPROGS-1_23","E2FSPROGS-1_23-WIP-0727","E2FSPROGS-1_23-WIP-0722","E2FSPROGS-1_23-WIP-0720","E2FSPROGS-1_22","WIP-20010620","E2FSPROGS-1_21","E2FSPROGS-1_20","E2FSPROGS-1_19","E2FSPROGS-1_17","E2FSPROGS-1_16","E2FSPROGS-1_15","E2FSPROGS-1_13","RESIZE2FS-1_03","E2FSPROGS-1_12","PQ_SNAPSHOT_971103","E2FSPROGS-1_11","E2FSPROGS-1_10","E2FSPROGS-1_09","E2FSPROGS-1_07","E2FSPROGS-1_06","E2FSPROGS-1_05","E2FSPROGS-1_04","E2FSPROGS-1_03","E2FSPROGS-1_02","E2FSPROGS-1_01","E2FSPROGS-0_5C","E2FSPROGS-0_5B"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-1304.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}