CVE-2022-25309
06.09.2022, 18:15
A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| gnu | fribidi | 𝑥 < 1.0.12 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| fribidi |
| ||||||||||||||||||||||||||||||||||||||||||||
| fribidi-32bit |
| ||||||||||||||||||||||||||||||||||||||||||||
| fribidi-devel |
| ||||||||||||||||||||||||||||||||||||||||||||
| libfribidi0 |
| ||||||||||||||||||||||||||||||||||||||||||||
| libfribidi0-32bit |
|
Red Hat Enterprise Linux Releases
Common Weakness Enumeration
- CWE-122 - Heap-based Buffer OverflowA heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.
References