UbuntuUSN-5366-2FriBidi vulnerabilities
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
48.2%
Releases
- Ubuntu 22.04 LTS
Packages
- fribidi - Free Implementation of the Unicode BiDi algorithm (utility)
Details
USN-5366-1 fixed several vulnerabilities in FriBidi. This update provides the
corresponding updates for Ubuntu 22.04 LTS.
Original advisory details:
It was discovered that FriBidi incorrectly handled processing of input strings
resulting in memory corruption. An attacker could use this issue to cause
FriBidi to crash, resulting in a denial of service, or potentially execute
arbitrary code. (CVE-2022-25308)
It was discovered that FriBidi incorrectly validated input data to its CapRTL
unicode encoder, resulting in memory corruption. An attacker could use this
issue to cause FriBidi to crash, resulting in a denial of service, or
potentially execute arbitrary code. (CVE-2022-25309)
It was discovered that FriBidi incorrectly handled empty input when removing
marks from unicode strings, resulting in a crash. An attacker could use this
to cause FriBidi to crash, resulting in a denial of service, or potentially
execute arbitrary code. (CVE-2022-25310)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 22.04 | noarch | libfribidi-bin | < 1.0.8-2ubuntu3.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | libfribidi-bin-dbgsym | < 1.0.8-2ubuntu3.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | libfribidi-dev | < 1.0.8-2ubuntu3.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | libfribidi0 | < 1.0.8-2ubuntu3.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | libfribidi0-dbgsym | < 1.0.8-2ubuntu3.1 | UNKNOWN |
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
48.2%