Lucene search

K
mageiaGentoo FoundationMGASA-2022-0423
HistoryNov 13, 2022 - 5:25 a.m.

Updated pixman packages fix security vulnerability

2022-11-1305:25:20
Gentoo Foundation
advisories.mageia.org
16
pixman
vulnerability
buffer overflow
integer overflow
unix

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

71.9%

In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. (CVE-2022-44638)

OSVersionArchitecturePackageVersionFilename
Mageia8noarchpixman< 0.40.0-1.1pixman-0.40.0-1.1.mga8

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

71.9%