Vulnerability Name:

CVE-2022-44638 (CCN-240592)

Assigned:2022-11-03
Published:2022-11-03
Updated:2022-12-13
Summary:Pixman could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write flaw in the rasterize_edges_8 function in libpixman. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS v3 Severity:8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2022-44638

Source: cve@mitre.org
Type: Exploit, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List
cve@mitre.org

Source: XF
Type: UNKNOWN
pixman-cve202244638-code-exec(240592)

Source: CCN
Type: Pixman GIT Repository
Integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write

Source: cve@mitre.org
Type: Exploit, Issue Tracking, Patch, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: CCN
Type: Mend Vulnerability Database
CVE-2022-44638

Oval Definitions
Definition IDClassTitleLast Modified
oval:org.opensuse.security:def:7643
P
libpixman-1-0-0.40.0-150400.3.3.1 on GA media (Moderate)
2023-06-12
oval:org.opensuse.security:def:7956
P
libpixman-1-0-32bit-0.40.0-150400.3.3.1 on GA media (Moderate)
2023-06-12
oval:org.opensuse.security:def:51568
P
Security update for pixman (Important)
2022-11-23
oval:org.opensuse.security:def:51963
P
Security update for pixman (Important)
2022-11-23
BACK