{"schema_version":"1.7.2","id":"OESA-2022-1923","modified":"2022-09-16T11:04:17Z","published":"2022-09-16T11:04:17Z","upstream":["CVE-2022-25308","CVE-2022-25309","CVE-2022-25310"],"summary":"fribidi security update","details":"A library to handle bidirectional scripts (for example Hebrew, Arabic), so that the display is done in the proper way; while the text data itself is always written in logical order and display in a different direction.\r\n\r\nSecurity Fix(es):\r\n\r\nA stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service. (CVE-2022-25308)\r\n\r\nA heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service. (CVE-2022-25309)\r\n\r\nA segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service. (CVE-2022-25310)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"fribidi","purl":"pkg:rpm/openEuler/fribidi\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.10-2.oe1"}]}],"ecosystem_specific":{"aarch64":["fribidi-1.0.10-2.oe1.aarch64.rpm","fribidi-debuginfo-1.0.10-2.oe1.aarch64.rpm","fribidi-debugsource-1.0.10-2.oe1.aarch64.rpm","fribidi-devel-1.0.10-2.oe1.aarch64.rpm"],"src":["fribidi-1.0.10-2.oe1.src.rpm"],"x86_64":["fribidi-debugsource-1.0.10-2.oe1.x86_64.rpm","fribidi-debuginfo-1.0.10-2.oe1.x86_64.rpm","fribidi-devel-1.0.10-2.oe1.x86_64.rpm","fribidi-1.0.10-2.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP3","name":"fribidi","purl":"pkg:rpm/openEuler/fribidi\u0026distro=openEuler-20.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.10-2.oe1"}]}],"ecosystem_specific":{"aarch64":["fribidi-debuginfo-1.0.10-2.oe1.aarch64.rpm","fribidi-1.0.10-2.oe1.aarch64.rpm","fribidi-devel-1.0.10-2.oe1.aarch64.rpm","fribidi-debugsource-1.0.10-2.oe1.aarch64.rpm"],"src":["fribidi-1.0.10-2.oe1.src.rpm"],"x86_64":["fribidi-debuginfo-1.0.10-2.oe1.x86_64.rpm","fribidi-1.0.10-2.oe1.x86_64.rpm","fribidi-debugsource-1.0.10-2.oe1.x86_64.rpm","fribidi-devel-1.0.10-2.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS","name":"fribidi","purl":"pkg:rpm/openEuler/fribidi\u0026distro=openEuler-22.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.10-2.oe2203"}]}],"ecosystem_specific":{"aarch64":["fribidi-1.0.10-2.oe2203.aarch64.rpm","fribidi-debugsource-1.0.10-2.oe2203.aarch64.rpm","fribidi-devel-1.0.10-2.oe2203.aarch64.rpm","fribidi-debuginfo-1.0.10-2.oe2203.aarch64.rpm"],"src":["fribidi-1.0.10-2.oe2203.src.rpm"],"x86_64":["fribidi-1.0.10-2.oe2203.x86_64.rpm","fribidi-devel-1.0.10-2.oe2203.x86_64.rpm","fribidi-debugsource-1.0.10-2.oe2203.x86_64.rpm","fribidi-debuginfo-1.0.10-2.oe2203.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1923"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25308"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25309"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25310"}],"database_specific":{"severity":"High"}}