3. Denial-of-service vulnerability via Cortado ThinPrint (CVE-2022-22938)
VMware Workstation and Horizon Client for Windows contains a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in the TrueType font parser. VMware has evaluated the severity of the issue to be in the Moderate severity range with a CVSSv3 base score of 4.0.
CPE | Name | Operator | Version |
---|---|---|---|
workstation | lt | 16.2.2 | |
horizon client for windows | lt | 5.5.3 |
customerconnect.vmware.com/downloads/details?downloadGroup=WKST-1622-WIN&productId=1038&rPId=82543
customerconnect.vmware.com/en/downloads/details?downloadGroup=CART23FQ1_WIN_553&productId=863&rPId=83368
customerconnect.vmware.com/en/downloads/details?downloadGroup=WKST-PLAYER-1622&productId=1039&rPId=82555
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22938
docs.vmware.com/en/VMware-Horizon-Client-for-Windows/5.5.3/rn/VMware-Horizon-Client-for-Windows-553-Release-Notes.html
docs.vmware.com/en/VMware-Workstation-Player/16.2.2/rn/VMware-Workstation-1622-Player-Release-Notes.html
docs.vmware.com/en/VMware-Workstation-Pro/16.2.2/rn/VMware-Workstation-1622-Pro-Release-Notes.html
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L