[Debian] High CVE: CVE-2022-25308/CVE-2022-25309/CVE-2022-25310: fribidi: multiple CVEs
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
StarlingX | Fix Released | High | hqbai |
Bug Description
CVE-2022-25308: https:/
A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service.
CVE-2022-25309: https:/
A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_
CVE-2022-25310: https:/
A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_
Base Score: High
References:
https:/
https:/
https:/
['libfribidi0_
CVE References
tags: added: stx.9.0 stx.se
tags: added: stx.security; removed: stx.se
Changed in starlingx:
assignee: nobody → hqbai (hbai)
Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/886237