CVE-2022-25310

Опубликовано: 22 дек. 2021

Источник: redhat

CVSS3: 5.5

EPSS Низкий

Описание

A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service.

Отчет

Red Hat Product Security has rated this issue as having a Low security impact, and since Red Hat Enterprise Linux 7 is Out-of-Support-Scope, the issue is not currently planned to be addressed in future updates. Only Important and Critical severity flaws will be addressed at this time. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 7	fribidi	Out of support scope
Red Hat Enterprise Linux 8	fribidi	Fixed	RHSA-2022:7514	08.11.2022
Red Hat Enterprise Linux 9	fribidi	Fixed	RHSA-2022:8011	15.11.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-119

https://bugzilla.redhat.com/show_bug.cgi?id=2047923fribidi: SEGV in fribidi_remove_bidi_marks

EPSS

Процентиль: 2%

0.00016

Низкий

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2022-25310

CVSS3: 5.5

ubuntu

почти 3 года назад

CVE-2022-25310

CVSS3: 5.5

nvd

почти 3 года назад

CVE-2022-25310

CVSS3: 5.5

msrc

почти 3 года назад

Описание отсутствует

CVE-2022-25310

CVSS3: 5.5

debian

почти 3 года назад

A segmentation fault (SEGV) flaw was found in the Fribidi package and ...

GHSA-rmjj-m2vr-q2x2

CVSS3: 5.5

github

почти 3 года назад

EPSS

Процентиль: 2%

0.00016

Низкий

5.5 Medium

CVSS3