CVE-2022-27406

7.5 HIGH

📋 TL;DR

CVE-2022-27406 is a segmentation violation (an invalid memory access) in FreeType's FT_Request_Size function, reported against FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 (FreeType issue #1140). A crafted font file crashes any process that loads it through FreeType, which covers operating-system font stacks, document and image tools, and browsers and applications that link the library. The 7.5 score reflects availability impact only (CVSS 3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H); no code execution has been demonstrated for this bug.

💻 Affected Systems

Products:
  • FreeType
  • Any software using FreeType library
Versions: FreeType releases up to and including 2.12.0 (the issue was reported against development commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5); fixed in FreeType 2.12.1
Operating Systems: Linux, Windows, macOS, BSD variants (anywhere FreeType is linked, including copies bundled inside applications)
Default Config Vulnerable: ⚠️ Yes
Notes: Any build of an affected version is vulnerable regardless of configuration; the question is only where untrusted fonts get loaded (web fonts, documents, uploads, e-mail attachments)

📦 What is this software?

FreeType is a widely used open-source library that loads font files (TrueType, OpenType/CFF, Type 1 and bitmap formats such as PCF and BDF, among others) and rasterizes their glyphs. It sits under the desktop font stacks of Linux and the BSDs, under many image, document and PDF tools, and is bundled by browsers and cross-platform applications on Windows and macOS.

⚠️ Risk & Real-World Impact

🔴

Worst Case

A crash in a shared or privileged font-handling component (desktop session, thumbnailer, document-conversion or PDF-generation service) triggered repeatedly to deny service. The CVSS vector scores availability only; code execution has not been demonstrated.

🟠

Likely Case

Denial of service through application crashes or system instability

🟢

If Mitigated

With the patched library the malformed font is rejected with an error and nothing crashes; with an unpatched but sandboxed or auto-restarting process, the crash is contained to that process.

🌐 Internet-Facing: MEDIUM - Exploitation requires processing malicious fonts, which could come from web content or file uploads
🏢 Internal Only: LOW - Requires user interaction or specific font processing scenarios

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires processing malicious font files, which could be delivered via web content, documents, or file uploads

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: FreeType 2.12.1 and later. Note that commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 is the vulnerable commit the issue was filed against, not the fix.

Vendor Advisory: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1140

Restart Required: Yes (FreeType is a shared library; every process that has it mapped keeps the old code until restarted)

Instructions:

1. Update the FreeType library to 2.12.1 or later, or to the distribution package that carries the fix for CVE-2022-27406.
2. Update every application that bundles its own copy of FreeType (common on Windows and macOS, and in static or vendored builds); the system package does not fix those.
3. Restart affected applications and services so they map the new library.
4. On Linux, use the package manager: 'sudo apt update && sudo apt install --only-upgrade libfreetype6' (Debian/Ubuntu; the package is libfreetype6, not freetype) or 'sudo yum update freetype' (RHEL/CentOS).

🔧 Temporary Workarounds

Font processing restrictions

all

Stop untrusted font files from reaching FreeType: reject font uploads and attachments where a service does not need them, and block web-font loading from untrusted origins via browser policy or CSP. This removes the trigger rather than the bug.

Memory protection hardening

linux

Keep ASLR and other memory protections enabled. They do not prevent the crash, but they make any attempt to turn the fault into something more than a denial of service unreliable. The sysctl below applies immediately but is not persistent; put the same setting in /etc/sysctl.d/ to keep it across reboots.

sysctl -w kernel.randomize_va_space=2

🧯 If You Can't Patch

  • Run font-parsing workloads (thumbnailers, document converters, PDF generators, image tools) in sandboxed or containerised processes with automatic restart, so a crash is isolated and recovers without operator action
  • Filter or scan font-bearing inputs (uploads, attachments, web fonts) at the edge for services that do not need to accept fonts
  • Application allowlisting limits follow-on damage only if code execution were ever achieved; it does nothing against the crash itself, so do not rely on it as the primary control

🔍 How to Verify

Check if Vulnerable:

Query the installed FreeType version with pkg-config (freetype-config is deprecated and usually not installed) or with the system package manager, and compare it with 2.12.1. Distribution packages that backport the fix keep an older upstream version number, so for those compare against the distribution's advisory for CVE-2022-27406 instead.

Check Version:

pkg-config --modversion freetype2 || dpkg -l libfreetype6 || rpm -q freetype

Verify Fix Applied:

The reported version is 2.12.1 or later, or the distribution package version matches the distribution's security update for CVE-2022-27406. Do not test for "after commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5": that is the commit the bug was reported against, not the fix.
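The version check above, as an added example that is not part of this page's original content or of the FreeType project: a POSIX shell script that finds the installed FreeType through pkg-config, dpkg or rpm, strips dpkg epochs and package revisions, and compares the remaining dotted version against 2.12.1. It assumes the fix shipped in 2.12.1 as stated in the Fix section; distribution backports that keep an older version number are not detected by it and still need the distribution advisory.

```shell
#!/bin/sh
# Added example (not FreeType project code): report whether the installed
# FreeType is older than the release that carries the fix for issue #1140.
# Assumption: the fix shipped in FreeType 2.12.1; distro backports that keep an
# older version number are NOT detected here and need the distro advisory.
FIXED_VERSION="2.12.1"

# version_lt A B: exit 0 when dotted version A sorts before B numerically.
# Non-numeric suffixes in a component ("1+dfsg", "4ubuntu0.3") are ignored.
version_lt() {
    _a=$1 _b=$2 _i=1
    while :; do
        _x=$(printf '%s\n' "$_a" | awk -F. -v n="$_i" '{ print $n }')
        _y=$(printf '%s\n' "$_b" | awk -F. -v n="$_i" '{ print $n }')
        [ -z "$_x" ] && [ -z "$_y" ] && return 1     # both exhausted: equal
        _x=${_x%%[!0-9]*}; _y=${_y%%[!0-9]*}          # keep leading digits only
        _x=${_x:-0}; _y=${_y:-0}
        [ "$_x" -lt "$_y" ] && return 0
        [ "$_x" -gt "$_y" ] && return 1
        _i=$((_i + 1))
    done
}

# normalize_version: strip a dpkg epoch ("1:") and a package revision ("-3").
normalize_version() {
    _v=${1#*:}
    printf '%s\n' "${_v%%-*}"
}

# freetype_vulnerable VERSION: exit 0 if VERSION is older than FIXED_VERSION.
freetype_vulnerable() {
    version_lt "$(normalize_version "$1")" "$FIXED_VERSION"
}

# installed_freetype_version: print the version from whichever source exists
# (pkg-config, dpkg, rpm); exit 1 if none of them reports FreeType.
installed_freetype_version() {
    if command -v pkg-config >/dev/null 2>&1 &&
       _v=$(pkg-config --modversion freetype2 2>/dev/null); then
        printf '%s\n' "$_v"; return 0
    fi
    if command -v dpkg-query >/dev/null 2>&1 &&
       _v=$(dpkg-query -W -f='${Version}' libfreetype6 2>/dev/null); then
        printf '%s\n' "$_v"; return 0
    fi
    if command -v rpm >/dev/null 2>&1 &&
       _v=$(rpm -q --qf '%{VERSION}-%{RELEASE}' freetype 2>/dev/null); then
        printf '%s\n' "$_v"; return 0
    fi
    return 1
}

# Stand-alone run: report on this host.
if _inst=$(installed_freetype_version); then
    if freetype_vulnerable "$_inst"; then
        echo "FreeType $_inst: VULNERABLE (older than $FIXED_VERSION)"
    else
        echo "FreeType $_inst: fixed ($FIXED_VERSION or newer)"
    fi
else
    echo "FreeType not found via pkg-config, dpkg or rpm"
fi
```

The script only answers for the system copy of the library. Applications that ship their own FreeType (static builds, vendored copies, Windows and macOS bundles) must be checked through the application's own version and release notes.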

📡 Detection & Monitoring

Log Indicators:

  • Kernel segfault messages (dmesg, journalctl -k) that name libfreetype as the faulting module; the message carries the crashing process name and PID, which tells you which font-consuming service was hit
  • Crash reports or core dumps whose stack includes FT_Request_Size, and repeated restarts of font-processing services (thumbnailers, converters, renderers)

Network Indicators:

  • Font files (TrueType/OpenType, WOFF, Type 1, PCF/BDF) arriving from untrusted sources, in particular as e-mail attachments or uploads to services that render them
  • Requests carrying fonts into services that render them (document conversion, thumbnailing, PDF generation), especially bursts against a single service that coincide with its crashes

SIEM Query:

message:"segfault at" AND message:"libfreetype"

FreeType is a library, not a process, so there is no process named freetype to match on; the segfault is logged by the kernel against the process that loaded the library, and the "in libfreetype..." suffix of that message is the useful discriminator.
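The log-indicator triage above, as an added example that is not part of this page's original content: an awk filter over Linux kernel segfault lines that keeps only faults whose instruction pointer was inside libfreetype and extracts the crashing process name and PID. The four log lines are constructed for this example; on a real host they come from dmesg or journalctl -k, and the format used here is the kernel's standard "name[pid]: segfault at ... in module[base+size]" line.

```shell
#!/bin/sh
# Added example (not part of the original page or of FreeType): pull process
# name, PID and faulting module out of Linux kernel segfault lines and keep
# only those that faulted inside libfreetype. The log lines below are
# constructed for this example; real ones come from dmesg / journalctl -k.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
Apr 10 12:00:01 host kernel: [12345.678901] python3[4321]: segfault at 0 ip 00007f2a1b2c3d4e sp 00007ffd1234abcd error 4 in libfreetype.so.6.18.1[7f2a1b2a0000+b0000]
Apr 10 12:00:02 host kernel: [12346.000000] convert[4400]: segfault at 10 ip 00007f3b00000010 sp 00007ffe00000000 error 4 in libc.so.6[7f3a00000000+1c0000]
Apr 10 12:00:03 host kernel: [12347.000000] fc-cache[4500]: segfault at 18 ip 00007f4c1b2c3d4e sp 00007ffd5678abcd error 4 in libfreetype.so.6.18.1[7f4c1b2a0000+b0000]
Apr 10 12:00:04 host sshd[900]: Accepted publickey for alice from 10.0.0.5 port 51022 ssh2
EOF

# freetype_segfault_report FILE: one line per segfault whose faulting module
# is libfreetype, formatted "proc=NAME pid=N lib=MODULE".
freetype_segfault_report() {
    awk '
        /segfault at/ && /in libfreetype/ {
            proc = ""; pid = ""; lib = ""
            for (i = 1; i <= NF; i++) {
                # the token just before "segfault" is "name[pid]:"
                if ($(i + 1) == "segfault" && match($i, /^[^[]+\[[0-9]+\]:?$/)) {
                    proc = $i; sub(/\[.*$/, "", proc)
                    pid = $i; sub(/^[^[]*\[/, "", pid); sub(/\].*$/, "", pid)
                }
                # "in module[base+size]" names the module the IP was in
                if ($i == "in") { lib = $(i + 1); sub(/\[.*$/, "", lib) }
            }
            printf "proc=%s pid=%s lib=%s\n", proc, pid, lib
        }' "$1"
}

# freetype_segfault_count FILE: number of such events, for thresholding.
freetype_segfault_count() {
    freetype_segfault_report "$1" | grep -c .
}

# Stand-alone run over the constructed sample: two hits (python3, fc-cache);
# the libc fault and the sshd line are ignored.
freetype_segfault_report "$SAMPLE_LOG"
echo "freetype segfaults: $(freetype_segfault_count "$SAMPLE_LOG")"
```

Feeding the report into a SIEM gives the same signal as the query above with the process name already split out, so a rule can alert on "more than N libfreetype faults from one service in M minutes" rather than on single crashes, which otherwise drown in unrelated segfaults.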

🔗 References

  • FreeType issue #1140 (vendor tracker): https://gitlab.freedesktop.org/freetype/freetype/-/issues/1140