CVE-2022-25309
Severity
5.5MEDIUM
EPSS
0.0%
top 86.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 6
Latest updateMar 6
Description
A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages3 packages
Also affects: Enterprise Linux 8.0, 9.0
Patches
🔴Vulnerability Details
6GHSA▶
GHSA-4fjx-j6jj-8pm5: A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-↗2022-09-07
OSV▶
CVE-2022-25309: A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-↗2022-09-06
CVEList▶
CVE-2022-25309: A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-↗2022-09-06
📋Vendor Advisories
6Microsoft▶
A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a↗2022-09-13
Debian▶
CVE-2022-25309: fribidi - A heap-based buffer overflow flaw was found in the Fribidi package and affects t...↗2022