CVE-2022-27404
Summary
| CVE | CVE-2022-27404 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-04-22 14:15:00 UTC |
|---|
| Updated | 2023-11-07 03:45:00 UTC |
|---|
| Description | FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| [SECURITY] Fedora 36 Update: mingw-freetype-2.12.1-1.fc36 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| heap-buffer-overflow on creating a face with strange file and invalid index (#1138) · Issues · FreeType / FreeType · GitLab |
MISC |
gitlab.freedesktop.org |
|
| [SECURITY] Fedora 35 Update: freetype-2.11.0-6.fc35 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| [SECURITY] Fedora 34 Update: freetype-2.10.4-6.fc34 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| [SECURITY] Fedora 36 Update: freetype-2.12.1-1.fc36 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| [SECURITY] Fedora 35 Update: freetype-2.11.0-6.fc35 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| [SECURITY] Fedora 36 Update: freetype-2.12.1-1.fc36 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| [SECURITY] Fedora 35 Update: mingw-freetype-2.11.0-2.fc35 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| [SECURITY] Fedora 36 Update: mingw-freetype-2.12.1-1.fc36 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| [SECURITY] Fedora 34 Update: freetype-2.10.4-6.fc34 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| [SECURITY] Fedora 35 Update: mingw-freetype-2.11.0-2.fc35 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160215 Oracle Enterprise Linux Security Update for freetype (ELSA-2022-7745)
- 160280 Oracle Enterprise Linux Security Update for freetype (ELSA-2022-8340)
- 180843 Debian Security Update for freetype (CVE-2022-27404)
- 198869 Ubuntu Security Notification for FreeType Vulnerabilities (USN-5528-1)
- 240834 Red Hat Update for freetype (RHSA-2022:7745)
- 240867 Red Hat Update for freetype (RHSA-2022:8340)
- 242743 Red Hat Update for freetype (RHSA-2024:0420)
- 282659 Fedora Security Update for mingw (FEDORA-2022-0985b0cb9f)
- 282716 Fedora Security Update for mingw (FEDORA-2022-7ece4f6d74)
- 282719 Fedora Security Update for freetype (FEDORA-2022-2dd60f1f00)
- 282742 Fedora Security Update for freetype (FEDORA-2022-5e45671294)
- 282743 Fedora Security Update for freetype (FEDORA-2022-80e1724780)
- 296086 Oracle Solaris 11.4 Support Repository Update (SRU) 51.132.1 Missing (CPUOCT2022)
- 354399 Amazon Linux Security Advisory for freetype : ALAS2022-2022-154
- 354417 Amazon Linux Security Advisory for freetype : ALAS2022-2022-238
- 354569 Amazon Linux Security Advisory for freetype : ALAS-2022-238
- 354657 Amazon Linux Security Advisory for freetype : ALAS2-2023-1909
- 355187 Amazon Linux Security Advisory for freetype : ALAS2023-2023-074
- 500189 Alpine Linux Security Update for freetype
- 501404 Alpine Linux Security Update for freetype
- 501958 Alpine Linux Security Update for freetype
- 502217 Alpine Linux Security Update for freetype
- 502439 Alpine Linux Security Update for freetype
- 502485 Alpine Linux Security Update for qt5-qtwebengine
- 502946 Alpine Linux Security Update for qt5-qtwebengine
- 503930 Alpine Linux Security Update for freetype
- 505816 Alpine Linux Security Update for qt5-qtwebengine
- 671885 EulerOS Security Update for freetype (EulerOS-SA-2022-1928)
- 671922 EulerOS Security Update for freetype (EulerOS-SA-2022-1994)
- 671940 EulerOS Security Update for freetype (EulerOS-SA-2022-1964)
- 671985 EulerOS Security Update for freetype (EulerOS-SA-2022-2155)
- 671994 EulerOS Security Update for freetype (EulerOS-SA-2022-2130)
- 710854 Gentoo Linux FreeType Multiple Vulnerabilities (GLSA 202402-06)
- 752575 SUSE Enterprise Linux Security Update for freetype2 (SUSE-SU-2022:3252-1)
- 752605 SUSE Enterprise Linux Security Update for freetype2 (SUSE-SU-2022:3252-2)
- 901298 Common Base Linux Mariner (CBL-Mariner) Security Update for freetype (9611)
- 901821 Common Base Linux Mariner (CBL-Mariner) Security Update for freetype (9573)
- 902025 Common Base Linux Mariner (CBL-Mariner) Security Update for freetype (9611-1)
- 902116 Common Base Linux Mariner (CBL-Mariner) Security Update for freetype (9573-1)
- 904815 Common Base Linux Mariner (CBL-Mariner) Security Update for qt5-qtbase (12416)
- 904850 Common Base Linux Mariner (CBL-Mariner) Security Update for mozjs60 (12377)
- 905060 Common Base Linux Mariner (CBL-Mariner) Security Update for qt5-qtbase (12613)
- 906921 Common Base Linux Mariner (CBL-Mariner) Security Update for qt5-qtbase (26757-1)
- 940746 AlmaLinux Security Update for freetype (ALSA-2022:7745)
- 940791 AlmaLinux Security Update for freetype (ALSA-2022:8340)
- 960179 Rocky Linux Security Update for freetype (RLSA-2022:7745)
- 960605 Rocky Linux Security Update for freetype (RLSA-2022:8340)
