CVE-2022-22938
First published: Fri Jan 28 2022(Updated: )
VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contains a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in TrueType font parser. A malicious actor with access to a virtual machine or remote desktop may exploit this issue to trigger a denial-of-service condition in the Thinprint service running on the host machine where VMware Workstation or Horizon Client for Windows is installed.
Credit: security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Workstation | >=16.0.0<16.2.2 | |
| Microsoft Windows | ||
| Vmware Horizon | >=5.0.0<5.5.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID is CVE-2022-22938.
What software versions are affected by this vulnerability?
VMware Workstation versions prior to 16.2.2 and Horizon Client for Windows versions prior to 5.5.3 are affected.
What is the severity level of CVE-2022-22938?
The severity level is medium with a CVSS score of 6.5.
What is the component that contains the vulnerability?
The vulnerability exists in the Cortado ThinPrint component.
How can this vulnerability be exploited?
A malicious actor with access to a virtual machine or remote desktop may exploit this vulnerability.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/vmware
- canonical/vmware workstation
- version/vmware workstation/16.0.0
- vendor/microsoft
- canonical/microsoft windows
- canonical/vmware horizon
- version/vmware horizon/5.0.0