Vulnerability Details : CVE-2022-25310
A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service.
Vulnerability category: OverflowMemory CorruptionDenial of service
Products affected by CVE-2022-25310
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:fribidi:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-25310
0.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 46 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-25310
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2022-25310
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: secalert@redhat.com (Secondary)
-
The product dereferences a pointer that it expects to be valid but is NULL.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-25310
-
https://access.redhat.com/security/cve/CVE-2022-25310
CVE-2022-25310- Red Hat Customer PortalThird Party Advisory
-
https://github.com/fribidi/fribidi/issues/183
SEGV on unknown address 0x000000000000 (pc 0x55cc8b6086a6 bp 0x7ffed6538790 sp 0x7ffed6538740 T0) · Issue #183 · fribidi/fribidi · GitHubExploit;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=2047923
2047923 – (CVE-2022-25310) CVE-2022-25310 fribidi: SEGV in fribidi_remove_bidi_marksExploit;Issue Tracking;Third Party Advisory
-
https://github.com/fribidi/fribidi/pull/186
Fix SEGV issue in fribidi_remove_bidi_marks by tagoh · Pull Request #186 · fribidi/fribidi · GitHubPatch;Third Party Advisory
Jump to