Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS2022-2022-091

Related Vulnerabilities: CVE-2022-25308   CVE-2022-25309   CVE-2022-25310  

A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service. (CVE-2022-25308) A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the --caprtl option, leading to a crash and causing a denial of service. (CVE-2022-25309) A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service. (CVE-2022-25310)

Source

ALAS2022-2022-091

Amazon Linux 2022 Security Advisory: ALAS-2022-091
Advisory Release Date: 2022-06-28 23:52 Pacific
Advisory Updated Date: 2022-07-19 19:45 Pacific
Severity: Medium
Issue Overview:

A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service. (CVE-2022-25308)

A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the --caprtl option, leading to a crash and causing a denial of service. (CVE-2022-25309)

A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service. (CVE-2022-25310)


Affected Packages:

fribidi


Issue Correction:
Run dnf update --releasever=2022.0.20220628 fribidi to update your system.

New Packages:
aarch64:
    fribidi-debugsource-1.0.11-3.amzn2022.aarch64
    fribidi-1.0.11-3.amzn2022.aarch64
    fribidi-debuginfo-1.0.11-3.amzn2022.aarch64
    fribidi-devel-1.0.11-3.amzn2022.aarch64

i686:
    fribidi-debugsource-1.0.11-3.amzn2022.i686
    fribidi-1.0.11-3.amzn2022.i686
    fribidi-debuginfo-1.0.11-3.amzn2022.i686
    fribidi-devel-1.0.11-3.amzn2022.i686

src:
    fribidi-1.0.11-3.amzn2022.src

x86_64:
    fribidi-debugsource-1.0.11-3.amzn2022.x86_64
    fribidi-debuginfo-1.0.11-3.amzn2022.x86_64
    fribidi-devel-1.0.11-3.amzn2022.x86_64
    fribidi-1.0.11-3.amzn2022.x86_64

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started