USN-5922-1
- Source
- https://ubuntu.com/security/notices/USN-5922-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5922-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/USN-5922-1
- Related
- Published
- 2023-03-06T13:09:31.908795Z
- Modified
- 2023-03-06T13:09:31.908795Z
- Summary
- fribidi vulnerabilities
- Details
-
It was discovered that FriBidi incorrectly handled the processing of input strings, resulting in memory corruption. An attacker could possibly use this issue to cause FriBidi to crash, resulting in a denial of service, or potentially execute arbitrary code. (CVE-2022-25308)
It was discovered that FriBidi incorrectly validated input data to its CapRTL unicode encoder, resulting in memory corruption. An attacker could possibly use this issue to cause FriBidi to crash, resulting in a denial of service, or potentially execute arbitrary code. (CVE-2022-25309)
It was discovered that FriBidi incorrectly handled empty input when removing marks from unicode strings. An attacker could possibly use this to cause FriBidi to crash, resulting in a denial of service, or potentially execute arbitrary code. (CVE-2022-25310)
- References
Affected packages
Ubuntu:Pro:16.04:LTS / fribidi
Package
- Name
- fribidi
- Purl
- pkg:deb/ubuntu/fribidi?arch=src?distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.19.7-1ubuntu0.1~esm1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "0.19.7-1ubuntu0.1~esm1",
"binary_name": "libfribidi-bin"
},
{
"binary_version": "0.19.7-1ubuntu0.1~esm1",
"binary_name": "libfribidi-dev"
},
{
"binary_version": "0.19.7-1ubuntu0.1~esm1",
"binary_name": "libfribidi0"
},
{
"binary_version": "0.19.7-1ubuntu0.1~esm1",
"binary_name": "libfribidi0-udeb"
}
]
}