Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS2-2023-1909

Related Vulnerabilities: CVE-2022-27404   CVE-2022-27405   CVE-2022-27406  

A heap buffer overflow flaw was found in Freetype's sfnt_init_face() function in the sfobjs.c file. The vulnerability occurs when creating a face with a strange file and invalid index. This flaw allows an attacker to read and modify a small amount of memory, causing the application to crash. (CVE-2022-27404) A segmentation fault was found in the FreeType library. This flaw allows an attacker to attempt access to a memory location in a way that could cause an application to halt or crash, leading to a denial of service. (CVE-2022-27405) A segmentation fault was found in FreeType's FT_Request_Size() function in the ftobjs.c file. This flaw allows an attacker to access a memory location in a way that could cause an application to halt or crash, leading to a denial of service. (CVE-2022-27406)

Source

ALAS2-2023-1909

Amazon Linux 2 Security Advisory: ALAS-2023-1909
Advisory Release Date: 2023-01-18 00:16 Pacific
Advisory Updated Date: 2023-01-20 23:04 Pacific
Severity: Medium
Issue Overview:

A heap buffer overflow flaw was found in Freetype's sfnt_init_face() function in the sfobjs.c file. The vulnerability occurs when creating a face with a strange file and invalid index. This flaw allows an attacker to read and modify a small amount of memory, causing the application to crash. (CVE-2022-27404)

A segmentation fault was found in the FreeType library. This flaw allows an attacker to attempt access to a memory location in a way that could cause an application to halt or crash, leading to a denial of service. (CVE-2022-27405)

A segmentation fault was found in FreeType's FT_Request_Size() function in the ftobjs.c file. This flaw allows an attacker to access a memory location in a way that could cause an application to halt or crash, leading to a denial of service. (CVE-2022-27406)


Affected Packages:

freetype


Issue Correction:
Run yum update freetype to update your system.

New Packages:
aarch64:
    freetype-2.8-14.amzn2.1.1.aarch64
    freetype-demos-2.8-14.amzn2.1.1.aarch64
    freetype-devel-2.8-14.amzn2.1.1.aarch64
    freetype-debuginfo-2.8-14.amzn2.1.1.aarch64

i686:
    freetype-2.8-14.amzn2.1.1.i686
    freetype-demos-2.8-14.amzn2.1.1.i686
    freetype-devel-2.8-14.amzn2.1.1.i686
    freetype-debuginfo-2.8-14.amzn2.1.1.i686

src:
    freetype-2.8-14.amzn2.1.1.src

x86_64:
    freetype-2.8-14.amzn2.1.1.x86_64
    freetype-demos-2.8-14.amzn2.1.1.x86_64
    freetype-devel-2.8-14.amzn2.1.1.x86_64
    freetype-debuginfo-2.8-14.amzn2.1.1.x86_64

Additional References

Red Hat: CVE-2022-27404, CVE-2022-27405, CVE-2022-27406

Mitre: CVE-2022-27404, CVE-2022-27405, CVE-2022-27406

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started