Vulnerabilities > CVE-2022-25310 - NULL Pointer Dereference vulnerability in multiple products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

gnu

redhat

CWE-476

NVD

Published: 2022-09-06

Updated: 2023-06-23

Summary

A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service.

Vulnerable Configurations

Part	Description	Count
Application	Gnu GNU Fribidi - GNU Fribidi 0.19.1 GNU Fribidi 0.19.4 GNU Fribidi 0.19.5 GNU Fribidi 0.19.6 GNU Fribidi 0.19.7 GNU Fribidi 1.0.0 GNU Fribidi 1.0.1 GNU Fribidi 1.0.2 GNU Fribidi 1.0.3 GNU Fribidi 1.0.4 GNU Fribidi 1.0.5 GNU Fribidi 1.0.7 GNU Fribidi 1.0.8 GNU Fribidi 1.0.9 GNU Fribidi 1.0.10 GNU Fribidi 1.0.11	17
OS	Redhat Redhat Enterprise Linux 8.0 Redhat Enterprise Linux 9.0	2

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References