USN-5366-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-5366-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5366-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-5366-1

Related

Published

2022-04-07T05:12:06.477121Z

Modified

2022-04-07T05:12:06.477121Z

Summary

fribidi vulnerabilities

Details

It was discovered that FriBidi incorrectly handled processing of input strings resulting in memory corruption. An attacker could use this issue to cause FriBidi to crash, resulting in a denial of service, or potentially execute arbitrary code. (CVE-2022-25308)

It was discovered that FriBidi incorrectly validated input data to its CapRTL unicode encoder, resulting in memory corruption. An attacker could use this issue to cause FriBidi to crash, resulting in a denial of service, or potentially execute arbitrary code. (CVE-2022-25309)

It was discovered that FriBidi incorrectly handled empty input when removing marks from unicode strings, resulting in a crash. An attacker could use this to cause FriBidi to crash, resulting in a denial of service, or potentially execute arbitrary code. (CVE-2022-25310)

References

Affected packages

Ubuntu:18.04:LTS / fribidi

Package

Name: fribidi
Purl: pkg:deb/ubuntu/fribidi@0.19.7-2ubuntu0.1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.19.7-2ubuntu0.1

Affected versions

0.*

0.19.7-1

0.19.7-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libfribidi-bin",
            "binary_version": "0.19.7-2ubuntu0.1"
        },
        {
            "binary_name": "libfribidi-bin-dbgsym",
            "binary_version": "0.19.7-2ubuntu0.1"
        },
        {
            "binary_name": "libfribidi-dev",
            "binary_version": "0.19.7-2ubuntu0.1"
        },
        {
            "binary_name": "libfribidi0",
            "binary_version": "0.19.7-2ubuntu0.1"
        },
        {
            "binary_name": "libfribidi0-dbgsym",
            "binary_version": "0.19.7-2ubuntu0.1"
        },
        {
            "binary_name": "libfribidi0-udeb",
            "binary_version": "0.19.7-2ubuntu0.1"
        }
    ],
    "availability": "No subscription required"
}

Ubuntu:20.04:LTS / fribidi

Package

Name: fribidi
Purl: pkg:deb/ubuntu/fribidi@1.0.8-2ubuntu0.1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.8-2ubuntu0.1

Affected versions

1.*

1.0.5-3.1

1.0.7-1

1.0.7-1.1

1.0.8-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libfribidi-bin",
            "binary_version": "1.0.8-2ubuntu0.1"
        },
        {
            "binary_name": "libfribidi-bin-dbgsym",
            "binary_version": "1.0.8-2ubuntu0.1"
        },
        {
            "binary_name": "libfribidi-dev",
            "binary_version": "1.0.8-2ubuntu0.1"
        },
        {
            "binary_name": "libfribidi0",
            "binary_version": "1.0.8-2ubuntu0.1"
        },
        {
            "binary_name": "libfribidi0-dbgsym",
            "binary_version": "1.0.8-2ubuntu0.1"
        },
        {
            "binary_name": "libfribidi0-udeb",
            "binary_version": "1.0.8-2ubuntu0.1"
        }
    ],
    "availability": "No subscription required"
}