Access of Uninitialized Pointer Affecting freetype package, versions <0:2.8-14.amzn2.1.1
Snyk CVSS
Attack Complexity
Low
User Interaction
Required
Availability
High
Threat Intelligence
EPSS
0.27% (66th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-AMZN2-FREETYPE-3243996
- published 21 Jan 2023
- disclosed 22 Apr 2022
Introduced: 22 Apr 2022
CVE-2022-27405 Open this link in a new tabHow to fix?
Upgrade Amazon-Linux:2 freetype to version 0:2.8-14.amzn2.1.1 or higher.
This issue was patched in ALAS2-2023-1909.
NVD Description
Note: Versions mentioned in the description apply only to the upstream freetype package and not the freetype package as distributed by Amazon-Linux.
See How to fix? for Amazon-Linux:2 relevant fixed versions and status.
FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27405
- http://freetype.com
- https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/
- https://security.gentoo.org/glsa/202402-06