CVE-2022-3775

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-3775

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-3775.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-3775

Downstream

DEBIAN-CVE-2022-3775

DLA-3190-1

DLA-3190-2

DSA-5280-1

OESA-2022-2118

RHSA-2022:8494

RHSA-2022:8800

RHSA-2022:8978

RHSA-2023:0047

RHSA-2023:0048

RHSA-2023:0049

RHSA-2023:0752

SUSE-SU-2022:4140-1

SUSE-SU-2022:4141-1

SUSE-SU-2022:4142-1

SUSE-SU-2022:4143-1

SUSE-SU-2022:4144-1

SUSE-SU-2022:4218-1

SUSE-SU-2022:4219-1

SUSE-SU-2022:4302-1

SUSE-SU-2023:1701-1

UBUNTU-CVE-2022-3775

USN-6355-1

openSUSE-SU-2024:12517-1

Related

Published

2022-12-19T20:15:11Z

Modified

2025-08-09T20:01:26Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator

Summary

[none]

Details

When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.

References

Affected packages