CVE-2022-27405

Reference Links

• http://freetype.com
• https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/
• https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2079255
• https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2079256
• https://access.redhat.com/errata/RHSA-2022:7745
• https://access.redhat.com/errata/RHSA-2022:8340
• https://access.redhat.com/security/cve/cve-2022-27405
• https://access.redhat.com/errata/RHSA-2024:0420
• https://bugzilla.redhat.com/show_bug.cgi?id=2077991
• https://android.googlesource.com/platform/external/freetype/+/d45f0e49ab54065eb72d92aa3cc5f2152b0910b7
• https://source.android.com/docs/security/bulletin/2023-07-01 (Advisory)
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/
• https://security.gentoo.org/glsa/202402-06

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2022-27406

Frequently Asked Questions

• What is the vulnerability ID for this security issue in FreeType?

  The vulnerability ID for this security issue in FreeType is CVE-2022-27405.

• What is the severity level of CVE-2022-27405?

  CVE-2022-27405 has a severity level of high.

• What is the affected software for CVE-2022-27405?

  The affected software for CVE-2022-27405 includes Google Android, Freetype, and Fedora.

• How can the segmentation violation in FreeType be triggered?

  The segmentation violation in FreeType can be triggered via the function FNT_Size_Request.

• Are there any references available for CVE-2022-27405?

  Yes, references for CVE-2022-27405 include https://android.googlesource.com/platform/external/freetype/+/d45f0e49ab54065eb72d92aa3cc5f2152b0910b7 and http://freetype.com.