CVE-2022-27404

CRITICAL

FreeType < 2.12.0 - Heap Buffer Overflow in sfnt_init_face

Title source: llm

FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.

Core 7

Core References

Mailing List, Third Party Advisory vendor-advisory

Mailing List, Third Party Advisory vendor-advisory

Mailing List, Third Party Advisory vendor-advisory

Mailing List, Third Party Advisory vendor-advisory

Mailing List, Third Party Advisory vendor-advisory

Third Party Advisory vendor-advisory

Exploit, Issue Tracking, Patch, Vendor Advisory

CVSS v3 9.8

EPSS 0.0012

EPSS Percentile 31.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-787

Status published

Products (4)

fedoraproject/fedora 34

fedoraproject/fedora 35

fedoraproject/fedora 36

freetype/freetype < 2.12.0

Published Apr 22, 2022

Tracked Since Feb 18, 2026