Lucene search

K
rosalinuxROSA LABROSA-SA-2024-2373
HistoryMar 12, 2024 - 12:50 p.m.

Advisory ROSA-SA-2024-2373

2024-03-1212:50:19
ROSA LAB
abf.rosalinux.ru
10
pixman library
rosa virtualization 2.1
cve-2022-44638
arbitrary code execution
memory buffer overflow
security update

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8

Confidence

Low

EPSS

0.003

Percentile

71.9%

Software: pixman 0.38.4
OS: ROSA Virtualization 2.1

package_evr_string: pixman-0.38.4.src.rpm

CVE-ID: CVE-2022-44638
BDU-ID: 2022-06667
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the rasterize_edges_8 function of the Pixman library is related to the ability to write beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code
CVE-STATUS: Fixed
CVE-REV: Execute yum update pixman to close.

OSVersionArchitecturePackageVersionFilename
ROSAanynoarchpixman< 0.38.4UNKNOWN

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8

Confidence

Low

EPSS

0.003

Percentile

71.9%