CVE-2022-27404

Name
CVE-2022-27404
Description
FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138
Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/
Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/
cve@mitre.org https://security.gentoo.org/glsa/202402-06

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:* freetype >= None < 2.12.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
qt5-qtwebengine edge-community 5.15.3_git20220601-r2 Bart Ribbers <bribbers@disroot.org> fixed
qt5-qtwebengine 3.22-community 5.15.3_git20220601-r2 None fixed
qt5-qtwebengine 3.21-community 5.15.3_git20220601-r2 None fixed
qt5-qtwebengine 3.20-community 5.15.3_git20220601-r2 None fixed
qt5-qtwebengine 3.19-community 5.15.3_git20220601-r2 None fixed
qt5-qtwebengine 3.18-community 5.15.3_git20220601-r2 None fixed
qt5-qtwebengine 3.17-community 5.15.3_git20220601-r2 None fixed
freetype edge-main 2.12.1-r0 Carlo Landmeter <clandmeter@alpinelinux.org> fixed
freetype edge-main 2.10.4-r0 None possibly vulnerable
freetype edge-main 2.9-r1 None possibly vulnerable
freetype edge-main 2.7.1-r1 None possibly vulnerable
freetype 3.22-main 2.12.1-r0 None fixed
freetype 3.22-main 2.10.4-r0 None possibly vulnerable
freetype 3.22-main 2.9-r1 None possibly vulnerable
freetype 3.22-main 2.7.1-r1 None possibly vulnerable
freetype 3.21-main 2.12.1-r0 None fixed
freetype 3.21-main 2.10.4-r0 None possibly vulnerable
freetype 3.21-main 2.9-r1 None possibly vulnerable
freetype 3.21-main 2.7.1-r1 None possibly vulnerable
freetype 3.20-main 2.12.1-r0 None fixed
freetype 3.20-main 2.10.4-r0 None possibly vulnerable
freetype 3.20-main 2.9-r1 None possibly vulnerable
freetype 3.20-main 2.7.1-r1 None possibly vulnerable
freetype 3.19-main 2.12.1-r0 None fixed
freetype 3.19-main 2.10.4-r0 None possibly vulnerable
freetype 3.19-main 2.9-r1 None possibly vulnerable
freetype 3.19-main 2.7.1-r1 None possibly vulnerable
freetype 3.18-main 2.12.1-r0 None fixed
freetype 3.17-main 2.12.1-r0 Carlo Landmeter <clandmeter@alpinelinux.org> fixed
freetype 3.12-main 2.10.4-r2 Carlo Landmeter <clandmeter@gmail.com> fixed
freetype 3.12-main 2.10.4-r1 Carlo Landmeter <clandmeter@gmail.com> fixed