CVE-2022-27404

moderate-risk

Published 2022-04-22

FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.

Do I need to act?

-

0.12% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

+

Fix available

Upgrade to: e50798b72043c8b378caa46e0a854519f9028ae4

9

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (4)

Freetype

Fedora

Fedora

Fedora

Affected Vendors

Fedoraproject Freetype

References (14)

Exploit https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://security.gentoo.org/glsa/202402-06

Exploit https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://security.gentoo.org/glsa/202402-06

43

/ 100

moderate-risk

Severity 32/34 · Critical

Exploitability 1/34 · Minimal

Exposure 10/34 · Low