Heap-based Buffer Overflow in Fribidi Package
CVE-2022-25309

5.5MEDIUM

Key Information:

Vendor
Gnu
Status
Fribidi
Vendor
CVE Published:
6 September 2022

Summary

A heap-based buffer overflow flaw exists in the Fribidi package, specifically in the fribidi_cap_rtl_to_unicode() function located in fribidi-char-sets-cap-rtl.c. By supplying a specially crafted file with the '--caprtl' option to the Fribidi application, an attacker can trigger this vulnerability, which may result in a crash and consequently lead to a Denial of Service. This security flaw could affect the availability and reliability of systems relying on this package.

Affected Version(s)

fribidi Fixed in v1.0.12

References

https://github.com/fribidi/fribidi/issues/182
x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=2047896
x_refsource_MISC
https://github.com/fribidi/fribidi/commit/f22593b82b5d166...
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.