Vulnerability Details CVE-2022-44638
In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.8%
CVSS Severity
CVSS v3 Score 8.8
References
- http://packetstormsecurity.com/files/170121/pixman-pixman_sample_floor_y-Integer-Overflow.html
- http://www.openwall.com/lists/oss-security/2022/11/05/1
- https://gitlab.freedesktop.org/pixman/pixman/-/issues/63
- https://lists.debian.org/debian-lts-announce/2022/11/msg00008.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/
- https://www.debian.org/security/2022/dsa-5276
- http://packetstormsecurity.com/files/170121/pixman-pixman_sample_floor_y-Integer-Overflow.html
- http://www.openwall.com/lists/oss-security/2022/11/05/1
- https://gitlab.freedesktop.org/pixman/pixman/-/issues/63
- https://lists.debian.org/debian-lts-announce/2022/11/msg00008.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/
- https://www.debian.org/security/2022/dsa-5276
Products affected by CVE-2022-44638
-
cpe:2.3:a:pixman:pixman:-
-
cpe:2.3:a:pixman:pixman:0.10.0
-
cpe:2.3:a:pixman:pixman:0.12.0
-
cpe:2.3:a:pixman:pixman:0.14.0
-
cpe:2.3:a:pixman:pixman:0.16.0
-
cpe:2.3:a:pixman:pixman:0.16.2
-
cpe:2.3:a:pixman:pixman:0.16.4
-
cpe:2.3:a:pixman:pixman:0.16.6
-
cpe:2.3:a:pixman:pixman:0.18.0
-
cpe:2.3:a:pixman:pixman:0.18.2
-
cpe:2.3:a:pixman:pixman:0.18.4
-
cpe:2.3:a:pixman:pixman:0.20.0
-
cpe:2.3:a:pixman:pixman:0.20.2
-
cpe:2.3:a:pixman:pixman:0.22.0
-
cpe:2.3:a:pixman:pixman:0.22.2
-
cpe:2.3:a:pixman:pixman:0.24.0
-
cpe:2.3:a:pixman:pixman:0.24.2
-
cpe:2.3:a:pixman:pixman:0.24.4
-
cpe:2.3:a:pixman:pixman:0.26.0
-
cpe:2.3:a:pixman:pixman:0.26.2
-
cpe:2.3:a:pixman:pixman:0.28.0
-
cpe:2.3:a:pixman:pixman:0.28.2
-
cpe:2.3:a:pixman:pixman:0.30.0
-
cpe:2.3:a:pixman:pixman:0.30.2
-
cpe:2.3:a:pixman:pixman:0.32.0
-
cpe:2.3:a:pixman:pixman:0.32.2
-
cpe:2.3:a:pixman:pixman:0.32.4
-
cpe:2.3:a:pixman:pixman:0.32.5
-
cpe:2.3:a:pixman:pixman:0.32.6
-
cpe:2.3:a:pixman:pixman:0.32.8
-
cpe:2.3:a:pixman:pixman:0.34.0
-
cpe:2.3:a:pixman:pixman:0.36.0
-
cpe:2.3:a:pixman:pixman:0.38.0
-
cpe:2.3:a:pixman:pixman:0.38.2
-
cpe:2.3:a:pixman:pixman:0.38.4
-
cpe:2.3:a:pixman:pixman:0.40.0
-
cpe:2.3:a:pixman:pixman:0.42.0
-
cpe:2.3:a:pixman:pixman:0.9.6
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:debian:debian_linux:11.0
-
cpe:2.3:o:fedoraproject:fedora:35
-
cpe:2.3:o:fedoraproject:fedora:36
-
cpe:2.3:o:fedoraproject:fedora:37