OESA-2022-1923
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1923
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2022-1923.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2022-1923
- Upstream
- Published
- 2022-09-16T11:04:17Z
- Modified
- 2025-08-12T05:13:06.233996Z
- Summary
- fribidi security update
- Details
-
A library to handle bidirectional scripts (for example Hebrew, Arabic), so that the display is done in the proper way; while the text data itself is always written in logical order and display in a different direction .
Security Fix(es):
A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service.(CVE-2022-25308)
A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidicaprtltounicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service.(CVE-2022-25309)
A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidiremovebidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service.(CVE-2022-25310)
- Database specific
{ "severity": "High" }- References
Affected packages
openEuler:20.03-LTS-SP1 / fribidi
Package
- Name
- fribidi
- Purl
- pkg:rpm/openEuler/fribidi&distro=openEuler-20.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.0.10-2.oe1
Ecosystem specific
{
"src": [
"fribidi-1.0.10-2.oe1.src.rpm"
],
"x86_64": [
"fribidi-debugsource-1.0.10-2.oe1.x86_64.rpm",
"fribidi-debuginfo-1.0.10-2.oe1.x86_64.rpm",
"fribidi-devel-1.0.10-2.oe1.x86_64.rpm",
"fribidi-1.0.10-2.oe1.x86_64.rpm"
],
"aarch64": [
"fribidi-1.0.10-2.oe1.aarch64.rpm",
"fribidi-debuginfo-1.0.10-2.oe1.aarch64.rpm",
"fribidi-debugsource-1.0.10-2.oe1.aarch64.rpm",
"fribidi-devel-1.0.10-2.oe1.aarch64.rpm"
]
}
openEuler:20.03-LTS-SP3 / fribidi
Package
- Name
- fribidi
- Purl
- pkg:rpm/openEuler/fribidi&distro=openEuler-20.03-LTS-SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.0.10-2.oe1
Ecosystem specific
{
"src": [
"fribidi-1.0.10-2.oe1.src.rpm"
],
"x86_64": [
"fribidi-debuginfo-1.0.10-2.oe1.x86_64.rpm",
"fribidi-1.0.10-2.oe1.x86_64.rpm",
"fribidi-debugsource-1.0.10-2.oe1.x86_64.rpm",
"fribidi-devel-1.0.10-2.oe1.x86_64.rpm"
],
"aarch64": [
"fribidi-debuginfo-1.0.10-2.oe1.aarch64.rpm",
"fribidi-1.0.10-2.oe1.aarch64.rpm",
"fribidi-devel-1.0.10-2.oe1.aarch64.rpm",
"fribidi-debugsource-1.0.10-2.oe1.aarch64.rpm"
]
}
openEuler:22.03-LTS / fribidi
Package
- Name
- fribidi
- Purl
- pkg:rpm/openEuler/fribidi&distro=openEuler-22.03-LTS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.0.10-2.oe2203
Ecosystem specific
{
"src": [
"fribidi-1.0.10-2.oe2203.src.rpm"
],
"x86_64": [
"fribidi-1.0.10-2.oe2203.x86_64.rpm",
"fribidi-devel-1.0.10-2.oe2203.x86_64.rpm",
"fribidi-debugsource-1.0.10-2.oe2203.x86_64.rpm",
"fribidi-debuginfo-1.0.10-2.oe2203.x86_64.rpm"
],
"aarch64": [
"fribidi-1.0.10-2.oe2203.aarch64.rpm",
"fribidi-debugsource-1.0.10-2.oe2203.aarch64.rpm",
"fribidi-devel-1.0.10-2.oe2203.aarch64.rpm",
"fribidi-debuginfo-1.0.10-2.oe2203.aarch64.rpm"
]
}