CVE-2022-25310

2022-02-2200:00:00

ubuntu.com

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

35.4%

JSON

A segmentation fault (SEGV) flaw was found in the Fribidi package and
affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file.
This flaw allows an attacker to pass a specially crafted file to Fribidi,
leading to a crash and causing a denial of service.

Notes

Author	Note
rayveldkamp	For bionic affected function is in fribidi-deprecated.c

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchfribidi< 0.19.7-2ubuntu0.1UNKNOWN
ubuntu20.04noarchfribidi< 1.0.8-2ubuntu0.1UNKNOWN
ubuntu21.10noarchfribidi< 1.0.8-2ubuntu2.1UNKNOWN
ubuntu22.04noarchfribidi< 1.0.8-2ubuntu3.1UNKNOWN
ubuntu16.04noarchfribidi< 0.19.7-1ubuntu0.1~esm1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	fribidi	< 0.19.7-2ubuntu0.1	UNKNOWN
ubuntu	20.04	noarch	fribidi	< 1.0.8-2ubuntu0.1	UNKNOWN
ubuntu	21.10	noarch	fribidi	< 1.0.8-2ubuntu2.1	UNKNOWN
ubuntu	22.04	noarch	fribidi	< 1.0.8-2ubuntu3.1	UNKNOWN
ubuntu	16.04	noarch	fribidi	< 0.19.7-1ubuntu0.1~esm1	UNKNOWN