CVE-2022-27404 - Vulnerability Details

Vendors	Products
Fedoraproject	Fedora
Freetype	Freetype
Redhat	Enterprise Linux Rhel Eus

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
freetype-0:2.9.1-9.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2022:7745	2022-11-08T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
freetype-0:2.9.1-5.el8_6.3	cpe:/o:redhat:rhel_eus:8.6	RHSA-2024:0420	2024-01-25T00:00:00Z
Red Hat Enterprise Linux 9
freetype-0:2.10.4-9.el9	cpe:/a:redhat:enterprise_linux:9	RHSA-2022:8340	2022-11-15T00:00:00Z
freetype-0:2.10.4-9.el9	cpe:/o:redhat:enterprise_linux:9	RHSA-2022:8340	2022-11-15T00:00:00Z

Link	Providers
https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/
https://nvd.nist.gov/vuln/detail/CVE-2022-27404
https://security.gentoo.org/glsa/202402-06
https://www.cve.org/CVERecord?id=CVE-2022-27404

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-27404", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T05:25:32.670Z", "dateReserved": "2022-03-21T00:00:00", "datePublished": "2022-04-22T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-02-03T10:06:23.309904"}, "descriptions": [{"lang": "en", "value": "FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138"}, {"name": "FEDORA-2022-2dd60f1f00", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/"}, {"name": "FEDORA-2022-0985b0cb9f", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/"}, {"name": "FEDORA-2022-7ece4f6d74", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/"}, {"name": "FEDORA-2022-5e45671294", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/"}, {"name": "FEDORA-2022-80e1724780", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/"}, {"name": "GLSA-202402-06", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202402-06"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:25:32.670Z"}, "title": "CVE Program Container", "references": [{"url": "https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138", "tags": ["x_transferred"]}, {"name": "FEDORA-2022-2dd60f1f00", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/"}, {"name": "FEDORA-2022-0985b0cb9f", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/"}, {"name": "FEDORA-2022-7ece4f6d74", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/"}, {"name": "FEDORA-2022-5e45671294", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/"}, {"name": "FEDORA-2022-80e1724780", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/"}, {"name": "GLSA-202402-06", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202402-06"}]}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

state : PUBLISHED (string)

cveId : CVE-2022-27404 (string)

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

dateUpdated : 2024-08-03T05:25:32.670Z (string)

dateReserved : 2022-03-21T00:00:00 (string)

datePublished : 2022-04-22T00:00:00 (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

dateUpdated : 2024-02-03T10:06:23.309904 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face. (string)

}

]

affected : [ »

0 : { »

vendor : n/a (string)

product : n/a (string)

versions : [ »

0 : { »

version : n/a (string)

status : affected (string)

}

]

}

]

references : [ »

0 : { »

url : https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138 (string)

}

1 : { »

name : FEDORA-2022-2dd60f1f00 (string)

tags : [ »

0 : vendor-advisory (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/ (string)

}

2 : { »

name : FEDORA-2022-0985b0cb9f (string)

tags : [ »

0 : vendor-advisory (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/ (string)

}

3 : { »

name : FEDORA-2022-7ece4f6d74 (string)

tags : [ »

0 : vendor-advisory (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/ (string)

}

4 : { »

name : FEDORA-2022-5e45671294 (string)

tags : [ »

0 : vendor-advisory (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/ (string)

}

5 : { »

name : FEDORA-2022-80e1724780 (string)

tags : [ »

0 : vendor-advisory (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/ (string)

}

6 : { »

name : GLSA-202402-06 (string)

tags : [ »

0 : vendor-advisory (string)

]

url : https://security.gentoo.org/glsa/202402-06 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : text (string)

lang : en (string)

description : n/a (string)

}

]

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T05:25:32.670Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

name : FEDORA-2022-2dd60f1f00 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/ (string)

}

2 : { »

name : FEDORA-2022-0985b0cb9f (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/ (string)

}

3 : { »

name : FEDORA-2022-7ece4f6d74 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/ (string)

}

4 : { »

name : FEDORA-2022-5e45671294 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/ (string)

}

5 : { »

name : FEDORA-2022-80e1724780 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/ (string)

}

6 : { »

name : GLSA-202402-06 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

url : https://security.gentoo.org/glsa/202402-06 (string)

}

]

}

]

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE181DF7-C86E-495B-8CBC-DEA63DD8F647", "versionEndExcluding": "2.12.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face."}, {"lang": "es", "value": "Se ha detectado que el commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f de FreeType conten\u00eda un desbordamiento del b\u00fafer de la pila por medio de la funci\u00f3n sfnt_init_face"}], "id": "CVE-2022-27404", "lastModified": "2024-11-21T06:55:40.953", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-22T14:15:09.423", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/202402-06"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202402-06"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:* (string)

matchCriteriaId : AE181DF7-C86E-495B-8CBC-DEA63DD8F647 (string)

versionEndExcluding : 2.12.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* (string)

matchCriteriaId : A930E247-0B43-43CB-98FF-6CE7B8189835 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* (string)

matchCriteriaId : 80E516C0-98A4-4ADE-B69F-66A772E2BAAA (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* (string)

matchCriteriaId : 5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face. (string)

}

1 : { »

lang : es (string)

value : Se ha detectado que el commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f de FreeType contenía un desbordamiento del búfer de la pila por medio de la función sfnt_init_face (string)

}

]

id : CVE-2022-27404 (string)

lastModified : 2024-11-21T06:55:40.953 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 7.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2022-04-22T14:15:09.423 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Exploit (string)

1 : Issue Tracking (string)

2 : Patch (string)

3 : Vendor Advisory (string)

]

url : https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138 (string)

}

1 : { »

source : cve@mitre.org (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/ (string)

}

2 : { »

source : cve@mitre.org (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/ (string)

}

3 : { »

source : cve@mitre.org (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/ (string)

}

4 : { »

source : cve@mitre.org (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/ (string)

}

5 : { »

source : cve@mitre.org (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/ (string)

}

6 : { »

source : cve@mitre.org (string)

url : https://security.gentoo.org/glsa/202402-06 (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Issue Tracking (string)

2 : Patch (string)

3 : Vendor Advisory (string)

]

url : https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138 (string)

}

8 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/ (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/ (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/ (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/ (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/ (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://security.gentoo.org/glsa/202402-06 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-787 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2022:7745", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "freetype-0:2.9.1-9.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-11-08T00:00:00Z"}, {"advisory": "RHSA-2024:0420", "cpe": "cpe:/o:redhat:rhel_eus:8.6", "package": "freetype-0:2.9.1-5.el8_6.3", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-01-25T00:00:00Z"}, {"advisory": "RHSA-2022:8340", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "freetype-0:2.10.4-9.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}, {"advisory": "RHSA-2022:8340", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "freetype-0:2.10.4-9.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}], "bugzilla": {"description": "FreeType: Buffer overflow in sfnt_init_face", "id": "2077989", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077989"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "status": "verified"}, "cwe": "CWE-787", "details": ["FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.", "A heap buffer overflow flaw was found in Freetype\u2019s sfnt_init_face() function in the sfobjs.c file. The vulnerability occurs when creating a face with a strange file and invalid index. This flaw allows an attacker to read a small amount of memory, causing the application to crash."], "name": "CVE-2022-27404", "package_state": [{"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/multicluster-observability-rhel8-operator", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "freetype", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "freetype", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2022-04-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-27404\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-27404"], "threat_severity": "Moderate"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2022:7745 (string)

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

package : freetype-0:2.9.1-9.el8 (string)

product_name : Red Hat Enterprise Linux 8 (string)

release_date : 2022-11-08T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2024:0420 (string)

cpe : cpe:/o:redhat:rhel_eus:8.6 (string)

package : freetype-0:2.9.1-5.el8_6.3 (string)

product_name : Red Hat Enterprise Linux 8.6 Extended Update Support (string)

release_date : 2024-01-25T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2022:8340 (string)

cpe : cpe:/a:redhat:enterprise_linux:9 (string)

package : freetype-0:2.10.4-9.el9 (string)

product_name : Red Hat Enterprise Linux 9 (string)

release_date : 2022-11-15T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2022:8340 (string)

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

package : freetype-0:2.10.4-9.el9 (string)

product_name : Red Hat Enterprise Linux 9 (string)

release_date : 2022-11-15T00:00:00Z (string)

}

]

bugzilla : { »

description : FreeType: Buffer overflow in sfnt_init_face (string)

id : 2077989 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2077989 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 7.6 (string)

cvss3_scoring_vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H (string)

status : verified (string)

}

cwe : CWE-787 (string)

details : [ »

0 : FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face. (string)

1 : A heap buffer overflow flaw was found in Freetype’s sfnt_init_face() function in the sfobjs.c file. The vulnerability occurs when creating a face with a strange file and invalid index. This flaw allows an attacker to read a small amount of memory, causing the application to crash. (string)

]

name : CVE-2022-27404 (string)

package_state : [ »

0 : { »

cpe : cpe:/a:redhat:acm:2 (string)

fix_state : Not affected (string)

package_name : rhacm2/multicluster-observability-rhel8-operator (string)

product_name : Red Hat Advanced Cluster Management for Kubernetes 2 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Not affected (string)

package_name : freetype (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

2 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Out of support scope (string)

package_name : freetype (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

]

public_date : 2022-04-22T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2022-27404 https://nvd.nist.gov/vuln/detail/CVE-2022-27404 (string)

]

threat_severity : Moderate (string)

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object