CVE-2022-27405
Summary
| CVE | CVE-2022-27405 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-04-22 14:15:09 UTC |
| Updated | 2026-07-09 01:17:23 UTC |
| Description | FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request. |
Risk And Classification
Primary CVSS: v3.1 7.5 HIGH from [email protected]
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.028160000 probability, percentile 0.848880000 (date 2026-07-12)
Problem Types: CWE-125 | n/a
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| 2.0 | [email protected] | Primary | 5 | AV:N/AC:L/Au:N/C:N/I:N/A:P |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
NoneIntegrity
NoneAvailability
HighCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
NoneIntegrity
NoneAvailability
PartialAV:N/AC:L/Au:N/C:N/I:N/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Fedoraproject | Fedora | 34 | All | All | All |
| Operating System | Fedoraproject | Fedora | 35 | All | All | All |
| Operating System | Fedoraproject | Fedora | 36 | All | All | All |
| Application | Freetype | Freetype | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| security.gentoo.org/glsa/202402-06 | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | |
| [SECURITY] Fedora 34 Update: freetype-2.10.4-6.fc34 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: freetype-2.12.1-1.fc36 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | |
| [SECURITY] Fedora 35 Update: freetype-2.11.0-6.fc35 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | |
| [SECURITY] Fedora 34 Update: freetype-2.10.4-6.fc34 - package-announce - Fedora Mailing-Lists | [email protected] | lists.fedoraproject.org | |
| SEGV on FT_Set_Char_Size (#1139) · Issues · FreeType / FreeType · GitLab | af854a3a-2127-422b-91ae-364da2661108 | gitlab.freedesktop.org | Issue Tracking, Vendor Advisory |
| [SECURITY] Fedora 36 Update: freetype-2.12.1-1.fc36 - package-announce - Fedora Mailing-Lists | [email protected] | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: mingw-freetype-2.12.1-1.fc36 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | |
| [SECURITY] Fedora 35 Update: mingw-freetype-2.11.0-2.fc35 - package-announce - Fedora Mailing-Lists | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: mingw-freetype-2.12.1-1.fc36 - package-announce - Fedora Mailing-Lists | [email protected] | lists.fedoraproject.org | |
| [SECURITY] Fedora 35 Update: freetype-2.11.0-6.fc35 - package-announce - Fedora Mailing-Lists | [email protected] | lists.fedoraproject.org | |
| [SECURITY] Fedora 35 Update: mingw-freetype-2.11.0-2.fc35 - package-announce - Fedora Mailing-Lists | [email protected] | lists.fedoraproject.org | |
| Fonts.com | Find, Buy & Download Best Fonts | MITRE | freetype.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160215 Oracle Enterprise Linux Security Update for freetype (ELSA-2022-7745)
- 160280 Oracle Enterprise Linux Security Update for freetype (ELSA-2022-8340)
- 180880 Debian Security Update for freetype (CVE-2022-27405)
- 198869 Ubuntu Security Notification for FreeType Vulnerabilities (USN-5528-1)
- 240834 Red Hat Update for freetype (RHSA-2022:7745)
- 240867 Red Hat Update for freetype (RHSA-2022:8340)
- 242743 Red Hat Update for freetype (RHSA-2024:0420)
- 282659 Fedora Security Update for mingw (FEDORA-2022-0985b0cb9f)
- 282716 Fedora Security Update for mingw (FEDORA-2022-7ece4f6d74)
- 282719 Fedora Security Update for freetype (FEDORA-2022-2dd60f1f00)
- 282742 Fedora Security Update for freetype (FEDORA-2022-5e45671294)
- 282743 Fedora Security Update for freetype (FEDORA-2022-80e1724780)
- 354399 Amazon Linux Security Advisory for freetype : ALAS2022-2022-154
- 354417 Amazon Linux Security Advisory for freetype : ALAS2022-2022-238
- 354569 Amazon Linux Security Advisory for freetype : ALAS-2022-238
- 354657 Amazon Linux Security Advisory for freetype : ALAS2-2023-1909
- 355187 Amazon Linux Security Advisory for freetype : ALAS2023-2023-074
- 355420 Amazon Linux Security Advisory for freetype : ALAS2023-2023-188
- 500190 Alpine Linux Security Update for freetype
- 501405 Alpine Linux Security Update for freetype
- 501959 Alpine Linux Security Update for freetype
- 502439 Alpine Linux Security Update for freetype
- 502485 Alpine Linux Security Update for qt5-qtwebengine
- 502946 Alpine Linux Security Update for qt5-qtwebengine
- 503930 Alpine Linux Security Update for freetype
- 505816 Alpine Linux Security Update for qt5-qtwebengine
- 610502 Google Android August 2023 Security Patch Missing for Huawei EMUI
- 610504 Google Android Devices July 2023 Security Patch Missing
- 671885 EulerOS Security Update for freetype (EulerOS-SA-2022-1928)
- 671922 EulerOS Security Update for freetype (EulerOS-SA-2022-1994)
- 671940 EulerOS Security Update for freetype (EulerOS-SA-2022-1964)
- 671985 EulerOS Security Update for freetype (EulerOS-SA-2022-2155)
- 671994 EulerOS Security Update for freetype (EulerOS-SA-2022-2130)
- 710854 Gentoo Linux FreeType Multiple Vulnerabilities (GLSA 202402-06)
- 752575 SUSE Enterprise Linux Security Update for freetype2 (SUSE-SU-2022:3252-1)
- 752605 SUSE Enterprise Linux Security Update for freetype2 (SUSE-SU-2022:3252-2)
- 901296 Common Base Linux Mariner (CBL-Mariner) Security Update for freetype (9612)
- 901551 Common Base Linux Mariner (CBL-Mariner) Security Update for freetype (9580)
- 903730 Common Base Linux Mariner (CBL-Mariner) Security Update for freetype (9612-1)
- 903859 Common Base Linux Mariner (CBL-Mariner) Security Update for freetype (9580-1)
- 940746 AlmaLinux Security Update for freetype (ALSA-2022:7745)
- 940791 AlmaLinux Security Update for freetype (ALSA-2022:8340)
- 960179 Rocky Linux Security Update for freetype (RLSA-2022:7745)
- 960605 Rocky Linux Security Update for freetype (RLSA-2022:8340)