Vulnerability Name: CVE-2022-27404 (CCN-225149)
Assigned: 2022-03-19
Published: 2022-03-19
Updated: 2022-07-27
Summary: FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.
CVSS v3 Severity: 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.8 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
7.9 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
6.8 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C)
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-787
Vulnerability Consequences: Gain Access
References:
Source: MITRE Type: CNA CVE-2022-27404
Source: XF Type: UNKNOWN freetype-cve202227404-bo(225149)
Source: CCN Type: FreeType GitLab heap-buffer-overflow on creating a face with strange file and invalid index
Source: MISC Type: Exploit, Issue Tracking, Patch, Vendor Advisory https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138
Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2022-7ece4f6d74
Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2022-2dd60f1f00
Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2022-80e1724780
Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2022-0985b0cb9f
Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2022-5e45671294
Source: CCN Type: IBM Security Bulletin 6843907 (App Connect Enterprise Certified Container) IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to arbitrary code execution due to CVE-2022-27404
Source: CCN Type: IBM Security Bulletin 6852221 (Cloud Transformation Advisor) IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
Source: CCN Type: IBM Security Bulletin 6857861 (FileNet Content Manager) Oracle Outside In Technology (OIT) Security Vulnerabilities
Source: CCN Type: IBM Security Bulletin 6921283 (Robotic Process Automation for Cloud Pak) Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.
Source: CCN Type: IBM Security Bulletin 7008109 (FileNet Content Manager) Oracle Outside In Technology (OIT) Security Vulnerabilities
Source: CCN Type: Mend Vulnerability Database CVE-2022-27404
Vulnerable Configuration: Configuration 1: Configuration 2: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration RedHat 6: Configuration CCN 1: