PT-2022-2352 · Fribidi+10

P870613

Published 2021-12-22 · Updated 2025-10-20 · CVE-2022-25309

CVSS v3.1 5.5 Medium

Vector AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Fribidi (affected versions not specified)

Description

A heap-based buffer overflow flaw was found in the Fribidi package, affecting the fribidi_cap_rtl_to_unicode() function. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service. The exploitation of this flaw may also allow a remote attacker to execute arbitrary code.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Buffer Overflow

Memory Corruption

Heap Based Buffer Overflow

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALSA-2022:7514
ALSA-2022:8011
ALT-PU-2022-1728
ALT-PU-2022-1742
AZL-10887
BDU:2022-02660
BDU:2022-03127
CESA-2022_7514
CVE-2022-25309
DLA-2974-1
INFSA-2022_8011
JLSEC-2025-171
MGASA-2022-0136
OESA-2022-1923
OPENSUSE-SU-2022_1844-1
OPENSUSE-SU-2022_1898-1
RHSA-2022:7514
RHSA-2022:8011
RHSA-2022_7514
RHSA-2022_8011
RLSA-2022:7514
RLSA-2022:8011
SUSE-SU-2022:1844-1
SUSE-SU-2022:1845-1
SUSE-SU-2022:1898-1
SUSE-SU-2022:2029-1
USN-5366-1
USN-5366-2
USN-5922-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Fribidi
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu