CVE-2022-22938: VMware Horizon vulnerability

4 documents, 4 sources

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.1% (top 76.73%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 28; Latest update Jan 29

Description

VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contain a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in the TrueType font parser. A malicious actor with access to a virtual machine or remote desktop may exploit this issue to trigger a denial-of-service condition in the ThinPrint service running on the host machine where VMware Workstation or Horizon Client for Windows is installed.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Exploitability: 2.0 | Impact: 4.0

Affected Packages (2 packages)

NVD: vmware/horizon, versions 5.0.0 to before 5.5.3
NVD: vmware/workstation, versions 16.0.0 to before 16.2.2

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-524v-q4cc-cvmx: VMware Workstation (16... (2022-01-29)
CVEList: CVE-2022-22938: VMware Workstation (16... (2022-01-28)

📋 Vendor Advisories (1)

VMware: VMware Workstation and Horizon Client for Windows updates address a denial-of-service vulnerability (CVE-2022-22938) (2022-01-18)