Bug 2139988 (CVE-2022-44638) - CVE-2022-44638 pixman: Integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write
Summary: CVE-2022-44638 pixman: Integer overflow in pixman_sample_floor_y leading to h...
Keywords:
Status: NEW
Alias: CVE-2022-44638
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2139989 2139990 2139991 2139992 2139993 2139994 2139995 2139996
Blocks: 2139774
TreeView+ depends on / blocked
 
Reported: 2022-11-04 04:39 UTC by Sandipan Roy
Modified: 2024-04-30 11:02 UTC (History)
14 users (show)

Fixed In Version: Pixman 0.42.2
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in pixman. This issue causes an out-of-bounds write in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. This can result in data corruption, a crash, or code execution.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:7375 0 None None None 2023-11-21 11:07:44 UTC
Red Hat Product Errata RHSA-2023:7386 0 None None None 2023-11-21 11:15:48 UTC
Red Hat Product Errata RHSA-2023:7403 0 None None None 2023-11-21 11:32:21 UTC
Red Hat Product Errata RHSA-2023:7531 0 None None None 2023-11-28 15:35:03 UTC
Red Hat Product Errata RHSA-2023:7754 0 None None None 2023-12-12 17:23:05 UTC
Red Hat Product Errata RHSA-2024:0131 0 None None None 2024-01-10 11:29:51 UTC
Red Hat Product Errata RHSA-2024:2525 0 None None None 2024-04-30 11:02:36 UTC

Description Sandipan Roy 2022-11-04 04:39:48 UTC
In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.

https://gitlab.freedesktop.org/pixman/pixman/-/issues/63

Comment 1 Sandipan Roy 2022-11-04 04:42:48 UTC
Created mingw-pixman tracking bugs for this issue:

Affects: fedora-35 [bug 2139989]
Affects: fedora-36 [bug 2139991]


Created pixman tracking bugs for this issue:

Affects: fedora-35 [bug 2139990]
Affects: fedora-36 [bug 2139992]

Comment 5 errata-xmlrpc 2023-11-21 11:07:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2023:7375 https://access.redhat.com/errata/RHSA-2023:7375

Comment 6 errata-xmlrpc 2023-11-21 11:15:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:7386 https://access.redhat.com/errata/RHSA-2023:7386

Comment 7 errata-xmlrpc 2023-11-21 11:32:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:7403 https://access.redhat.com/errata/RHSA-2023:7403

Comment 8 errata-xmlrpc 2023-11-28 15:35:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2023:7531 https://access.redhat.com/errata/RHSA-2023:7531

Comment 9 errata-xmlrpc 2023-12-12 17:23:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:7754 https://access.redhat.com/errata/RHSA-2023:7754

Comment 10 errata-xmlrpc 2024-01-10 11:29:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:0131 https://access.redhat.com/errata/RHSA-2024:0131

Comment 12 errata-xmlrpc 2024-04-30 11:02:34 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2525 https://access.redhat.com/errata/RHSA-2024:2525


Note You need to log in before you can comment on or make changes to this bug.