PT-2022-5353 · Mozilla+10 · Firefox+10

Maddie Stone · Published 2022-11-03 · Updated 2025-05-02 · CVE-2022-44638

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Pixman versions prior to 0.42.2

Description: The issue is related to an out-of-bounds write, also known as a heap-based buffer overflow, in the rasterize_edges_8 function of the Pixman library. This occurs due to an integer overflow in pixman_sample_floor_y. The exploitation of this issue could allow a remote attacker to execute arbitrary code. The library is used for low-level graphics rendering in various open-source projects, including X.Org, Cairo, Firefox, and composite managers based on the Wayland protocol.

Recommendations: For Pixman versions prior to 0.42.2, update to version 0.42.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the rasterize_edges_8 function until a patch is available. Avoid using parameters that could lead to integer overflow in pixman_sample_floor_y until the issue is resolved.

Exploit

Fix

Integer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2023:7754
ALSA-2024:0131
ALSA-2024:2525
ALT-PU-2022-3010
ALT-PU-2022-3188
ALT-PU-2022-3434
AZL-11392
BDU:2022-06667
CESA-2024_0131
CVE-2022-44638
DLA-3179-1
DSA-5276-1
INFSA-2023_7754
INFSA-2024_2525
MGASA-2022-0423
OESA-2022-2058
OPENSUSE-SU-2022_4148-1
OPENSUSE-SU-2022_4206-1
OPENSUSE-SU-2024:12497-1
RHSA-2023:7375
RHSA-2023:7386
RHSA-2023:7403
RHSA-2023:7531
RHSA-2023:7754
RHSA-2023_7754
RHSA-2024:0131
RHSA-2024:2525
RHSA-2024_0131
RHSA-2024_2525
SUSE-SU-2022:4148-1
SUSE-SU-2022:4206-1
SUSE-SU-2022:4249-1
SUSE-SU-2022_4148-1
SUSE-SU-2022_4206-1
SUSE-SU-2022_4249-1
USN-5718-1
USN-5718-2

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Firefox
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu