CVE-2022-28785: 
NixOS vulnerability analysis and mitigation

Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The vulnerability was assigned CVE-2022-28785 and was discovered in early 2022, affecting Android versions 10.0, 11.0, and 12.0. The issue was addressed through a patch that adds buffer size check logic (Samsung Advisory).

The vulnerability is classified as an Out-of-bounds Read (CWE-125) issue. According to the National Vulnerability Database, it received a CVSS v3.1 Base Score of 5.5 (Medium) from NIST with vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, while Samsung Mobile assessed it with a Base Score of 4.0 (Medium) with vector CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (NVD).

The vulnerability could lead to a temporary denial of service through out-of-bounds read operations. The impact is primarily focused on availability, with no direct impact on confidentiality or integrity of the system (NVD).

The vulnerability was patched in the SMR May-2022 Release 1 through the addition of proper buffer size check logic. Users should update their devices to this version or later to mitigate the vulnerability (Samsung Advisory).