{"id":"CVE-2022-1304","details":"An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.","modified":"2026-03-14T11:24:14.605497Z","published":"2022-04-14T21:15:08.490Z","related":["ALSA-2022:7720","ALSA-2022:8361","MGASA-2022-0384","SUSE-SU-2022:1652-1","SUSE-SU-2022:1688-1","SUSE-SU-2022:1695-1","SUSE-SU-2022:1718-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/10/msg00001.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20241122-0010/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2069726"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tytso/e2fsprogs","events":[{"introduced":"0"},{"last_affected":"704b18b9ed66f87e070260787973fe85a470ec1d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.46.5"}]}}],"versions":["1.43","1.43.4","APPLE_UUID_SNAP_1","E2FSPROGS-0_5B","E2FSPROGS-0_5C","E2FSPROGS-1.25","E2FSPROGS-1.27-WIP-0305","E2FSPROGS-1.28-WIP-0626","E2FSPROGS-1.28-WIP-0817","E2FSPROGS-1.30-WIP-0930","E2FSPROGS-1.39-WIP-0330","E2FSPROGS-1.39-WIP-0409","E2FSPROGS-1.39-WIP-1210","E2FSPROGS-1.39-WIP-1231","E2FSPROGS-1_01","E2FSPROGS-1_02","E2FSPROGS-1_03","E2FSPROGS-1_04","E2FSPROGS-1_05","E2FSPROGS-1_06","E2FSPROGS-1_07","E2FSPROGS-1_09","E2FSPROGS-1_10","E2FSPROGS-1_11","E2FSPROGS-1_12","E2FSPROGS-1_13","E2FSPROGS-1_15","E2FSPROGS-1_16","E2FSPROGS-1_17","E2FSPROGS-1_19","E2FSPROGS-1_20","E2FSPROGS-1_21","E2FSPROGS-1_22","E2FSPROGS-1_23","E2FSPROGS-1_23-WIP-0720","E2FSPROGS-1_23-WIP-0722","E2FSPROGS-1_23-WIP-0727","E2FSPROGS-1_24","E2FSPROGS-1_24a","E2FSPROGS-1_26","E2FSPROGS-1_26-WIP-1224","E2FSPROGS-1_27","E2FSPROGS-1_28","E2FSPROGS-1_29","E2FSPROGS-1_30","E2FSPROGS-1_31","E2FSPROGS-1_32","E2FSPROGS-1_33","E2FSPROGS-1_33-WIP-0306","E2FSPROGS-1_33-WIP-0314","E2FSPROGS-1_33-WIP-0316","E2FSPROGS-1_33-WIP-0325","E2FSPROGS-1_33-WIP-0330","E2FSPROGS-1_33-WIP-0414","E2FSPROGS-1_34","E2FSPROGS-1_34-WIP-0521","E2FSPROGS-1_35","E2FSPROGS-1_35-WIP-0131","E2FSPROGS-1_35-WIP-0801","E2FSPROGS-1_35-WIP-0821","E2FSPROGS-1_35-WIP-1207","E2FSPROGS-1_36","E2FSPROGS-1_37","E2FSPROGS-1_38","E2FSPROGS-1_38-WIP-0509","E2FSPROGS-1_38-WIP-0620","E2FSPROGS-1_39","E2FSPROGS-1_40","E2FSPROGS-1_40-WIP-1114","PQ_SNAPSHOT_971103","RESIZE2FS-1_03","WIP-20010620","WIP-20011130","debian-1.41.12-2","debian/1.44.3-1","v1.40","v1.40.1","v1.40.10","v1.40.11","v1.40.2","v1.40.3","v1.40.4","v1.40.5","v1.40.6","v1.40.7","v1.40.8","v1.40.9","v1.41-WIP-0427","v1.41-WIP-0617","v1.41-WIP-0707","v1.41.0","v1.41.1","v1.41.10","v1.41.11","v1.41.12","v1.41.13","v1.41.14","v1.41.2","v1.41.3","v1.41.4","v1.41.5","v1.41.6","v1.41.7","v1.41.8","v1.41.9","v1.42","v1.42-WIP-0702","v1.42-WIP-0916","v1.42-WIP-0925","v1.42-WIP-1001","v1.42-WIP-1005","v1.42-WIP-1009","v1.42-WIP-1016","v1.42-WIP-1120","v1.42.1","v1.42.10","v1.42.11","v1.42.12","v1.42.13","v1.42.2","v1.42.3","v1.42.4","v1.42.5","v1.42.6","v1.42.7","v1.42.8","v1.42.9","v1.43","v1.43-WIP-2012-09-22","v1.43-WIP-2015-05-18","v1.43-WIP-2016-03-15","v1.43-WIP-2016-05-12","v1.43.1","v1.43.2","v1.43.3","v1.43.4","v1.43.5","v1.43.6","v1.43.7","v1.43.8","v1.43.9","v1.44.0","v1.44.0-rc1","v1.44.0-rc2","v1.44.1","v1.44.2","v1.44.3","v1.44.3-rc1","v1.44.3-rc2","v1.44.4","v1.44.5","v1.44.6","v1.45.0","v1.45.1","v1.45.1-rc1","v1.45.2","v1.45.3","v1.45.4","v1.45.5","v1.45.6","v1.45.7","v1.46.0","v1.46.1","v1.46.2","v1.46.3","v1.46.4","v1.46.5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1304.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"35"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}