-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe identified vulnerable functions are derived from analyzing patches applied in version 24.1.4 of Intel VPL software, which fixed CVE-2024-28030 (NULL pointer dereference). Commit 98a612fba0b397d7211b4b84484253021a4bd787 introduced stricter handle validation in session and core initialization pathways (_mfxVersionedSessionImpl::InitEx, FactoryCORE::CreateCORE, MFXInitialize), suggesting a prior lack of validation could lead to NULL handle dereferences. Commit 9f8a9ac15952d3dee24e73b8a3a3a07adf4563f0 added parameter checks in JPEG header processing (UMC::MJPEGVideoDecoderMFX_HW::PackHeaders), indicating that pointers involved in data copying might have been NULL and dereferenced without checks in the vulnerable version. These functions would likely appear in a runtime profile if the vulnerability were triggered by providing specific inputs or configurations that lead to the dereference of a NULL pointer.
Ongoing coverage of React2Shell