CVE-2022-24902
tkvideo has a memory issue in playing videos
4.3
MEDIUM
CVSS 3.1
EPSS 0.15%
Description
TkVideoplayer is a simple library to play video files in tkinter. Uncontrolled memory consumption in versions of TkVideoplayer prior to 2.0.0 can theoretically lead to performance degradation. There are no known workarounds. This issue has been patched and users are advised to upgrade to version 2.0.0 or later.
How to fix CVE-2022-24902
To remediate CVE-2022-24902, upgrade the affected package to a fixed version below.
- upgrade to 2.0.0 or later
- upgrade to 2.0.0 or later
Is CVE-2022-24902 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.0.0
- from 0, < 2.0.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |