CVE-2022-27470

Опубликовано: 04 мая 2022

Источник: debian

Описание

SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libsdl2-ttf	fixed	2.0.18+dfsg-3		package
libsdl2-ttf	not-affected		bullseye	package
libsdl2-ttf	not-affected		buster	package
libsdl2-ttf	not-affected		stretch	package

Примечания

https://github.com/libsdl-org/SDL_ttf/commit/db1b41ab8bde6723c24b866e466cad78c2fa0448
https://github.com/libsdl-org/SDL_ttf/issues/187
Introduced in https://github.com/libsdl-org/SDL_ttf/commit/31589bd7316d946d2eb122afaed68bc9b9b0fceb

Связанные уязвимости

CVE-2022-27470

CVSS3: 7.8

ubuntu

почти 4 года назад

SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file.

CVE-2022-27470

CVSS3: 7.8

nvd

почти 4 года назад

SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file.

GHSA-8fg7-x4v8-wv65

CVSS3: 7.8

github

почти 4 года назад

SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file.

BDU:2025-04905

CVSS3: 7.8

fstec

почти 4 года назад

Уязвимость функции TTF_RenderText_Solid() библиотеки SDL_ttf, позволяющая нарушителю оказать влияние на конфиденциальность, целостность и доступность защищаемой информации