CVE-2022-27404
Description
FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.124
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Oracle Primavera P6 Enterprise Project Portfolio Management 18.8.26 is affected by CVE-2022-27404 | Windows |
| Oracle Primavera P6 Enterprise Project Portfolio Management 19.12.21 is affected by CVE-2022-27404 | Windows |
| Oracle Primavera P6 Enterprise Project Portfolio Management 20.12.18 is affected by CVE-2022-27404 | Windows |
| Oracle Primavera P6 Enterprise Project Portfolio Management 21.12.12 is affected by CVE-2022-27404 | Windows |
| Oracle Primavera P6 Enterprise Project Portfolio Management 22.12.3 is affected by CVE-2022-27404 | Windows |
| FreeType 2 is a font engine library (USN-5528-1) libfreetype6_2.8.1-2ubuntu2.2_i386.deb | Linux |
| FreeType 2 is a font engine library (USN-5528-1) libfreetype6_2.8.1-2ubuntu2.2_amd64.deb | Linux |
| FreeType 2 is a font engine library (USN-5528-1) libfreetype6_2.10.1-2ubuntu0.2_i386.deb | Linux |
| FreeType 2 is a font engine library (USN-5528-1) libfreetype6_2.10.1-2ubuntu0.2_amd64.deb | Linux |
| FreeType 2 is a font engine library (USN-5528-1) libfreetype6_2.11.1+dfsg-1ubuntu0.1_i386.deb | Linux |
| FreeType 2 is a font engine library (USN-5528-1) libfreetype6_2.11.1+dfsg-1ubuntu0.1_amd64.deb | Linux |
| (RHSA-2022:7745) freetype security update freetype-2.9.1-9.el8.i686.rpm | Linux |
| (RHSA-2022:7745) freetype security update freetype-2.9.1-9.el8.x86_64.rpm | Linux |
| (RHSA-2022:7745) freetype security update freetype-debugsource-2.9.1-9.el8.i686.rpm | Linux |
| (RHSA-2022:7745) freetype security update freetype-debugsource-2.9.1-9.el8.x86_64.rpm | Linux |
| (RHSA-2022:7745) freetype security update freetype-devel-2.9.1-9.el8.i686.rpm | Linux |
| (RHSA-2022:7745) freetype security update freetype-devel-2.9.1-9.el8.x86_64.rpm | Linux |
| (RHSA-2022:8340) freetype security update freetype-2.10.4-9.el9.i686.rpm | Linux |
| (RHSA-2022:8340) freetype security update freetype-2.10.4-9.el9.x86_64.rpm | Linux |
| (RHSA-2022:8340) freetype security update freetype-debugsource-2.10.4-9.el9.i686.rpm | Linux |
| (RHSA-2022:8340) freetype security update freetype-debugsource-2.10.4-9.el9.x86_64.rpm | Linux |
| (RHSA-2022:8340) freetype security update freetype-devel-2.10.4-9.el9.i686.rpm | Linux |
| (RHSA-2022:8340) freetype security update freetype-devel-2.10.4-9.el9.x86_64.rpm | Linux |
| freetype security update (RLSA-2022:7745) freetype-2.9.1-9.el8.i686.rpm | Linux |
| freetype security update (RLSA-2022:7745) freetype-2.9.1-9.el8.x86_64.rpm | Linux |
| freetype security update (RLSA-2022:7745) freetype-devel-2.9.1-9.el8.i686.rpm | Linux |
| freetype security update (RLSA-2022:7745) freetype-devel-2.9.1-9.el8.x86_64.rpm | Linux |
| freetype security update (RLSA-2022:8340) freetype-2.10.4-9.el9.i686.rpm | Linux |
| freetype security update (RLSA-2022:8340) freetype-2.10.4-9.el9.x86_64.rpm | Linux |
| freetype security update (RLSA-2022:8340) freetype-devel-2.10.4-9.el9.i686.rpm | Linux |
| freetype security update (RLSA-2022:8340) freetype-devel-2.10.4-9.el9.x86_64.rpm | Linux |
| SUSE-SU-2022:3252-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) libfreetype6-2.10.4-150000.4.12.1.x86_64_15_SP3.rpm | Linux |
| SUSE-SU-2022:3252-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) freetype2-devel-2.10.4-150000.4.12.1.x86_64_15_SP3.rpm | Linux |
| SUSE-SU-2022:3252-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) libfreetype6-32bit-2.10.4-150000.4.12.1.x86_64_15_SP3.rpm | Linux |
| (RHSA-2022:7745) Moderate: security update freetype-debuginfo-2.9.1-9.el8.i686.rpm | Linux |
| (RHSA-2022:7745) Moderate: security update freetype-debuginfo-2.9.1-9.el8.x86_64.rpm | Linux |
| (RHSA-2022:7745) Moderate: security update freetype-demos-debuginfo-2.9.1-9.el8.i686.rpm | Linux |
| (RHSA-2022:7745) Moderate: security update freetype-demos-debuginfo-2.9.1-9.el8.x86_64.rpm | Linux |
| Freetype update (ELSA-2022-7745) freetype-2.9.1-9.el8.i686.rpm | Linux |
| Freetype update (ELSA-2022-7745) freetype-2.9.1-9.el8.x86_64.rpm | Linux |
| Freetype-devel update (ELSA-2022-7745) freetype-devel-2.9.1-9.el8.i686.rpm | Linux |
| Freetype-devel update (ELSA-2022-7745) freetype-devel-2.9.1-9.el8.x86_64.rpm | Linux |
| Freetype update (ELSA-2022-8340) freetype-2.10.4-9.el9.i686.rpm | Linux |
| Freetype update (ELSA-2022-8340) freetype-2.10.4-9.el9.x86_64.rpm | Linux |
| Freetype-devel update (ELSA-2022-8340) freetype-devel-2.10.4-9.el9.i686.rpm | Linux |
| Freetype-devel update (ELSA-2022-8340) freetype-devel-2.10.4-9.el9.x86_64.rpm | Linux |
| freetype Security Update (ALAS-2023-1909) freetype-2.8-14.amzn2.1.1.i686.rpm | Linux |
| freetype Security Update (ALAS-2023-1909) freetype-2.8-14.amzn2.1.1.x86_64.rpm | Linux |
| freetype Security Update (ALAS-2023-1909) freetype-demos-2.8-14.amzn2.1.1.x86_64.rpm | Linux |
| freetype Security Update (ALAS-2023-1909) freetype-devel-2.8-14.amzn2.1.1.x86_64.rpm | Linux |
| Moderate: freetype security update freetype-2.10.4-9.el9.i686.rpm | Linux |
| Moderate: freetype security update freetype-2.10.4-9.el9.x86_64.rpm | Linux |
| Moderate: freetype security update freetype-devel-2.10.4-9.el9.i686.rpm | Linux |
| Moderate: freetype security update freetype-devel-2.10.4-9.el9.x86_64.rpm | Linux |
| freetype Security Update (ALAS2023-2023-074) freetype-2.12.1-3.amzn2023.0.1.x86_64.rpm | Linux |
| freetype Security Update (ALAS2023-2023-074) freetype-demos-2.12.1-3.amzn2023.0.1.x86_64.rpm | Linux |
| freetype Security Update (ALAS2023-2023-074) freetype-devel-2.12.1-3.amzn2023.0.1.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234