Heap-based Buffer Overflow

2022-05-1623:37:09

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

8.4%

JSON

fribidi:edge is vulnerable to heap-based buffer overflow. The fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file allows an attacker to pass a specially crafted file to the Fribidi application with the ‘–caprtl’ option, leading to a crash and causing a denial of service.

CPENameOperatorVersion
fribidi:edgeeq1.0.9-r0
fribidi:edgeeq1.0.11-r1
fribidi:edgeeq1.0.10-r0
fribidi:edgeeq1.0.11-r0
fribidieq1.0.4__7.el8_1
fribidieq0.19.4__6.el7
fribidieq1.0.4__6.el8
fribidieq1.0.2__1.el7_7.1
fribidieq1.0.4__8.el8
fribidieq1.0.2__1.el7

Name	Operator	Version
fribidi:edge	eq	1.0.9-r0
fribidi:edge	eq	1.0.11-r1
fribidi:edge	eq	1.0.10-r0
fribidi:edge	eq	1.0.11-r0
fribidi	eq	1.0.4__7.el8_1
fribidi	eq	0.19.4__6.el7
fribidi	eq	1.0.4__6.el8
fribidi	eq	1.0.2__1.el7_7.1
fribidi	eq	1.0.4__8.el8
fribidi	eq	1.0.2__1.el7