CVE-2022-1215 — Use of Externally-Controlled Format String in Libinput

CWE-134 — Use of Externally-Controlled Format String CWE-125 — Out-of-bounds Read11 documents9 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 87.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freedesktop Libinput

Timeline

PublishedJun 2

Latest updateFeb 26

Description

A format string vulnerability was found in libinput

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDfreedesktop/libinput1.10.0 — 1.18.2+2

▶Debianfreedesktop/libinput< 1.20.1-1+2

▶CVEListV5freedesktop/libinputlibinput 1.10 and above

🔴Vulnerability Details

GHSA

GHSA-q3fm-hh84-2m38: A format string vulnerability was found in libinput↗2022-06-03

▶

OSV

CVE-2022-1215: A format string vulnerability was found in libinput↗2022-06-02

▶

CVEList

CVE-2022-1215: A format string vulnerability was found in libinput↗2022-05-31

▶

📋Vendor Advisories

Red Hat

kernel: module: fix [e_shstrndx].sh_size=0 OOB access↗2025-02-26

▶

Microsoft

A format string vulnerability was found in libinput↗2022-05-10

▶

Ubuntu

libinput vulnerability↗2022-05-02

▶

Red Hat

libinput: format string vulnerability may lead to privilege escalation↗2022-04-20

▶

Ubuntu

libinput vulnerability↗2022-04-20

▶