Heap Buffer Overflow in FreeType Affects Multiple Versions
CVE-2022-27404

9.8CRITICAL

Key Information:

Vendor: Freetype
Status: Freetype
Vendor: CVE Published:; 22 April 2022

What is CVE-2022-27404?

The FreeType library is susceptible to a heap buffer overflow due to a flaw found in the function sfnt_init_face. An attacker could exploit this vulnerability to execute arbitrary code within the context of the affected application, potentially leading to a complete system compromise. Users of FreeType versions prior to 2.12.1 are urged to upgrade promptly to mitigate these risks. Reference advisories detail the implications and necessary actions to enhance security.

References

https://gitlab.freedesktop.org/freetype/freetype/-/issues...

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2022
Vulnerability Reserved
Mar 21, 2022

Freetype

What is CVE-2022-27404?

References

CVSS V3.1

Timeline