First published: Thu Nov 03 2022(Updated: )
In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Pixman Pixman | <0.42.2 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
Fedoraproject Fedora | =35 | |
Fedoraproject Fedora | =36 | |
Fedoraproject Fedora | =37 | |
debian/pixman | <=0.36.0-1 | 0.36.0-1+deb10u1 0.40.0-1.1~deb11u1 0.42.2-1 |
redhat/Pixman | <0.42.2 | 0.42.2 |
<0.42.2 | ||
=10.0 | ||
=11.0 | ||
=35 | ||
=36 | ||
=37 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2022-44638 is high, with a severity value of 8.8.
The affected software for CVE-2022-44638 includes Pixman versions up to exclusive 0.42.2, Debian Linux 10.0 and 11.0, and Fedora versions 35, 36, and 37.
CVE-2022-44638 is a heap-based buffer overflow vulnerability in Pixman's libpixman, specifically in the rasterize_edges_8 function, caused by an integer overflow in pixman_sample_floor_y.
To fix CVE-2022-44638, update to Pixman version 0.42.2 or higher, Debian Linux versions 10.0-1+deb10u1, 11.0-1.1~deb11u1, or the pixman package 0.42.2-1 for Debian. For Fedora, update to versions 36 or 37.
The references for CVE-2022-44638 are: [1] GitLab issue: https://gitlab.freedesktop.org/pixman/pixman/-/issues/63, [2] Debian Security Tracker: https://security-tracker.debian.org/tracker/CVE-2022-44638, [3] CVE-2022-44638 on CVE website: https://www.cve.org/CVERecord?id=CVE-2022-44638.