How severe is CVE-2022-34480?

CVE-2022-34480 has a CVSS v3 score of 8.8 (HIGH).

CVE-2022-34480

Name: firefox
Author: mozilla

8.8HIGH

Within the <code>lg_init()</code> function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects

Published: 12/22/2022Updated: 4/15/2025

Description

Within the <code>lg_init()</code> function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. This vulnerability affects Firefox < 102.

AI AnalysisPowered by AI

Affected Products

mozillafirefox

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1454072
Issue TrackingPermissions RequiredVendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-24/
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1454072
Issue TrackingPermissions RequiredVendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-24/
Vendor Advisory