CVE-2022-27470 — Vulnetix

CVE-2022-27470 PUBLISHED CVSS 6.800000190734863 MEDIUM

SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file.

EPSS 0.15% · 35.6th percentile

Risk Scores

CVSS v2.0

6.800000190734863

EPSS Score

0.15%

35.6th percentile

Affected Products

Vendor	Product	Versions
libsdl	sdl_ttf	0
fedoraproject	fedora	34, 35, 36
n/a	n/a	n/a

Timeline

May 4, 2022 EPSS Score
May 4, 2022 CVE Published
Jun 22, 2022 EPSS Score
Aug 12, 2022 EPSS Score
Sep 30, 2022 EPSS Score
Nov 19, 2022 EPSS Score
Jan 7, 2023 EPSS Score
Feb 26, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 16, 2023 EPSS Score
Jun 5, 2023 EPSS Score
Jul 24, 2023 EPSS Score

References

https://github.com/libsdl-org/SDL_ttf/issues/187 url
https://github.com/libsdl-org/SDL_ttf/commit/db1b41ab8bde6723c24b866e466cad78c2fa0448 url
FEDORA-2022-280ac942be vendor-advisory
FEDORA-2022-600e0cba93 vendor-advisory
FEDORA-2022-857d1f7050 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2022-27470 advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EAGMQMRQDTZFQW64JEW3O6HY3JYLAAHT url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RXI3MDPR24W5557G34YHWOP2MOK6BTGB url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPYTEBBNHCDGPVFACC5RC5K2FZUCYTPZ url

Open in Interactive Console →