Stack-based Buffer Overflow in Fribidi Package
CVE-2022-25308

7.8HIGH

Key Information:

Vendor: Gnu
Status: Fribidi
Vendor: CVE Published:; 6 September 2022

What is CVE-2022-25308?

A stack-based buffer overflow vulnerability exists in the Fribidi package, allowing attackers to craft a malicious file that, when processed by Fribidi, can result in potential memory leaks or cause denial of service. This flaw emphasizes the critical need for secure coding practices and regular updates to prevent exploitation.

Affected Version(s)

fribidi Fixed in v1.0.12

References

https://github.com/fribidi/fribidi/issues/181

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=2047890

x_refsource_MISC

https://github.com/fribidi/fribidi/pull/184

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 6, 2022
Vulnerability Reserved
Feb 17, 2022

Gnu

What is CVE-2022-25308?

Affected Version(s)

References

CVSS V3.1

Timeline