CVE-2022-27404
Published: 04/22/2022 14:15:09
FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.
CRITICAL
CVSS v3: 9.8
CVSS v3: 9.8
Status
| DocFilters Release | Package | State | Justification | Comment |
|---|---|---|---|---|
| 25.1 | freetype (2.6.5) | Resolved | Code Not Present | Patched applied from https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db |
| 24.4 | freetype (2.6.5) | Resolved | Code Not Present | Patched applied from https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db |
| 24.4.0 | freetype (2.6.5) | Resolved | Code Not Present | Patched applied from https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db |
| 24.3 | freetype (2.6.5) | Resolved | Code Not Present | Patched applied from https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db |
| 24.2.1 | freetype (2.6.5) | Resolved | Code Not Present | Patched applied from https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db |
| 24.2 | freetype (2.6.5) | Resolved | Code Not Present | Patched applied from https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db |
| 24.1 | freetype (2.6.5) | Resolved | Code Not Present | Patched applied from https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db |
| 23.3 | freetype (2.6.5) | Resolved | Code Not Present | Patched applied from https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db |
| 23.2.1 | freetype (2.6.5) | Resolved | Code Not Present | Patched applied from https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db |
| 23.2 | freetype (2.6.5) | Resolved | Code Not Present | Patched applied from https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db |
| 23.1 | freetype (2.6.5) | Resolved | Code Not Present | Patched applied from https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db |
| 22.4 | freetype (2.6.5) | Resolved | Code Not Present | Patched applied from https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db |
| 22.3 | freetype (2.6.5) | Resolved | patched (upstream) https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db | |
| 22.2 | freetype (2.6.5) | Resolved | patched (upstream) https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db | |
| 22.1 | freetype (2.6.5) | Needs Triage | ||
| 21.11.1 | freetype (2.6.5) | Needs Triage | ||
| 21.11 | freetype (2.6.5) | Needs Triage | ||
| 21.8.1 | freetype (2.6.5) | Needs Triage | ||
| 21.8 | freetype (2.6.5) | Needs Triage |
Severity score breakdown
Attack Complexity
LOW
Attack Vector
NETWORK
Availability Impact
HIGH
Base Score
9.8
Base Severity
CRITICAL
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Privileges Required
NONE
Scope
UNCHANGED
User Interaction
NONE
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version
3.1