Heap-based Buffer Overflow in Fribidi Package
CVE-2022-25309

5.5MEDIUM

Key Information:

Vendor: Gnu
Status: Fribidi
Vendor: CVE Published:; 6 September 2022

What is CVE-2022-25309?

A heap-based buffer overflow flaw exists in the Fribidi package, specifically in the fribidi_cap_rtl_to_unicode() function located in fribidi-char-sets-cap-rtl.c. By supplying a specially crafted file with the '--caprtl' option to the Fribidi application, an attacker can trigger this vulnerability, which may result in a crash and consequently lead to a Denial of Service. This security flaw could affect the availability and reliability of systems relying on this package.

Affected Version(s)

fribidi Fixed in v1.0.12

References

https://github.com/fribidi/fribidi/issues/182

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=2047896

x_refsource_MISC

https://github.com/fribidi/fribidi/commit/f22593b82b5d166...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 6, 2022
Vulnerability Reserved
Feb 17, 2022

Gnu

What is CVE-2022-25309?

Affected Version(s)

References

CVSS V3.1

Timeline