QID 354657
Date Published: 2023-01-24
QID 354657: Amazon Linux Security Advisory for freetype : ALAS2-2023-1909
A heap buffer overflow flaw was found in freetype's sfnt_init_face() function in the sfobjs.c file.
The vulnerability occurs when creating a face with a strange file and invalid index.
This flaw allows an attacker to read and modify a small amount of memory, causing the application to crash. (
( CVE-2022-27404) a segmentation fault was found in the freetype library.
This flaw allows an attacker to attempt access to a memory location in a way that could cause an application to halt or crash, leading to a denial of service. (
( CVE-2022-27405) a segmentation fault was found in freetype's ft_request_size() function in the ftobjs.c file.
This flaw allows an attacker to access a memory location in a way that could cause an application to halt or crash, leading to a denial of service. (
( CVE-2022-27406)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
- ALAS2-2023-1909 -
alas.aws.amazon.com/AL2/ALAS-2023-1909.html
CVEs related to QID 354657
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ALAS2-2023-1909 | amazon linux 2 |
alas.aws.amazon.com/AL2/ALAS-2023-1909.html |