ALT-PU-2022-2179-2
Closed vulnerabilities
Published: 2025-04-24
Modified: 2025-09-05
Modified: 2025-09-05
BDU:2025-04905
Уязвимость функции TTF_RenderText_Solid() библиотеки SDL_ttf, позволяющая нарушителю оказать влияние на конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.8)Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2022-05-04
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2022-27470
SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file.
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (7.8)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- https://github.com/libsdl-org/SDL_ttf/commit/db1b41ab8bde6723c24b866e466cad78c2fa0448
- https://github.com/libsdl-org/SDL_ttf/issues/187
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAGMQMRQDTZFQW64JEW3O6HY3JYLAAHT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RXI3MDPR24W5557G34YHWOP2MOK6BTGB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XPYTEBBNHCDGPVFACC5RC5K2FZUCYTPZ/
- https://github.com/libsdl-org/SDL_ttf/commit/db1b41ab8bde6723c24b866e466cad78c2fa0448
- https://github.com/libsdl-org/SDL_ttf/issues/187
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAGMQMRQDTZFQW64JEW3O6HY3JYLAAHT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RXI3MDPR24W5557G34YHWOP2MOK6BTGB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XPYTEBBNHCDGPVFACC5RC5K2FZUCYTPZ/