CVE-2022-22938

Name of the Vulnerable Software and Affected Versions VMware Workstation versions 16.x prior to 16.2.2 Horizon Client for Windows versions 5.x prior to 5.5.3

Description The issue exists in the TrueType font parser of the Cortado ThinPrint component. A malicious actor with access to a virtual machine or remote desktop may exploit this issue to trigger a denial-of-service condition in the Thinprint service running on the host machine where VMware Workstation or Horizon Client for Windows is installed. The vulnerability is due to insufficient input validation.

Recommendations For VMware Workstation versions 16.x prior to 16.2.2, update to version 16.2.2 or later. For Horizon Client for Windows versions 5.x prior to 5.5.3, update to version 5.5.3 or later. As a temporary workaround, consider disabling the Cortado ThinPrint component until a patch is available. Restrict access to the TrueType font parser to minimize the risk of exploitation.