CVE-2022-25309
Severity CVSS v4.0:
Pending analysis
Type:
CWE-122
Heap-based Buffer Overflow
Publication date:
06/09/2022
Last modified:
12/02/2023
Description
A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:gnu:fribidi:*:*:*:*:*:*:*:* | 1.0.12 (excluding) | |
| cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page



