{
  "document": {
    "aggregate_severity": {
      "text": "Medium"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/oraclelinux7els/vex/2022/cve-2022-25310-els_os-oraclelinux7els.json"
      }
    ],
    "tracking": {
      "current_release_date": "2026-06-13T01:36:41Z",
      "generator": {
        "date": "2026-06-13T01:36:41Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CVE-2022-25310-ELS_OS-ORACLELINUX7ELS",
      "initial_release_date": "2022-09-06T18:15:00Z",
      "revision_history": [
        {
          "date": "2022-09-06T18:15:00Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-06-13T01:36:41Z",
          "number": "2",
          "summary": "Official Publication"
        }
      ],
      "status": "final",
      "version": "2"
    },
    "title": "Security update on CVE-2022-25310"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Oracle Linux 7",
                "product": {
                  "name": "Oracle Linux 7",
                  "product_id": "Oracle-Linux-7",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Oracle Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "fribidi-0:1.0.2-1.el7_7.1.i686",
                "product": {
                  "name": "fribidi-0:1.0.2-1.el7_7.1.i686",
                  "product_id": "fribidi-0:1.0.2-1.el7_7.1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/oracle/fribidi@1.0.2-1.el7_7.1?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "fribidi-devel-0:1.0.2-1.el7_7.1.i686",
                "product": {
                  "name": "fribidi-devel-0:1.0.2-1.el7_7.1.i686",
                  "product_id": "fribidi-devel-0:1.0.2-1.el7_7.1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/oracle/fribidi-devel@1.0.2-1.el7_7.1?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "fribidi-0:1.0.2-1.el7_7.1.x86_64",
                "product": {
                  "name": "fribidi-0:1.0.2-1.el7_7.1.x86_64",
                  "product_id": "fribidi-0:1.0.2-1.el7_7.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/oracle/fribidi@1.0.2-1.el7_7.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "fribidi-devel-0:1.0.2-1.el7_7.1.x86_64",
                "product": {
                  "name": "fribidi-devel-0:1.0.2-1.el7_7.1.x86_64",
                  "product_id": "fribidi-devel-0:1.0.2-1.el7_7.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/oracle/fribidi-devel@1.0.2-1.el7_7.1?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Oracle Corporation"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "fribidi-0:1.0.2-1.el7_7.1.tuxcare.els1.i686",
                "product": {
                  "name": "fribidi-0:1.0.2-1.el7_7.1.tuxcare.els1.i686",
                  "product_id": "fribidi-0:1.0.2-1.el7_7.1.tuxcare.els1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/fribidi@1.0.2-1.el7_7.1.tuxcare.els1?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "fribidi-devel-0:1.0.2-1.el7_7.1.tuxcare.els1.i686",
                "product": {
                  "name": "fribidi-devel-0:1.0.2-1.el7_7.1.tuxcare.els1.i686",
                  "product_id": "fribidi-devel-0:1.0.2-1.el7_7.1.tuxcare.els1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/fribidi-devel@1.0.2-1.el7_7.1.tuxcare.els1?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "fribidi-0:1.0.2-1.el7_7.1.tuxcare.els1.x86_64",
                "product": {
                  "name": "fribidi-0:1.0.2-1.el7_7.1.tuxcare.els1.x86_64",
                  "product_id": "fribidi-0:1.0.2-1.el7_7.1.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/fribidi@1.0.2-1.el7_7.1.tuxcare.els1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "fribidi-devel-0:1.0.2-1.el7_7.1.tuxcare.els1.x86_64",
                "product": {
                  "name": "fribidi-devel-0:1.0.2-1.el7_7.1.tuxcare.els1.x86_64",
                  "product_id": "fribidi-devel-0:1.0.2-1.el7_7.1.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/fribidi-devel@1.0.2-1.el7_7.1.tuxcare.els1?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "fribidi-0:1.0.2-1.el7_7.1.tuxcare.els1.i686 as a component of Oracle Linux 7",
          "product_id": "Oracle-Linux-7:fribidi-0:1.0.2-1.el7_7.1.tuxcare.els1.i686"
        },
        "product_reference": "fribidi-0:1.0.2-1.el7_7.1.tuxcare.els1.i686",
        "relates_to_product_reference": "Oracle-Linux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "fribidi-0:1.0.2-1.el7_7.1.i686 as a component of Oracle Linux 7",
          "product_id": "Oracle-Linux-7:fribidi-0:1.0.2-1.el7_7.1.i686"
        },
        "product_reference": "fribidi-0:1.0.2-1.el7_7.1.i686",
        "relates_to_product_reference": "Oracle-Linux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "fribidi-0:1.0.2-1.el7_7.1.tuxcare.els1.x86_64 as a component of Oracle Linux 7",
          "product_id": "Oracle-Linux-7:fribidi-0:1.0.2-1.el7_7.1.tuxcare.els1.x86_64"
        },
        "product_reference": "fribidi-0:1.0.2-1.el7_7.1.tuxcare.els1.x86_64",
        "relates_to_product_reference": "Oracle-Linux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "fribidi-0:1.0.2-1.el7_7.1.x86_64 as a component of Oracle Linux 7",
          "product_id": "Oracle-Linux-7:fribidi-0:1.0.2-1.el7_7.1.x86_64"
        },
        "product_reference": "fribidi-0:1.0.2-1.el7_7.1.x86_64",
        "relates_to_product_reference": "Oracle-Linux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "fribidi-devel-0:1.0.2-1.el7_7.1.tuxcare.els1.i686 as a component of Oracle Linux 7",
          "product_id": "Oracle-Linux-7:fribidi-devel-0:1.0.2-1.el7_7.1.tuxcare.els1.i686"
        },
        "product_reference": "fribidi-devel-0:1.0.2-1.el7_7.1.tuxcare.els1.i686",
        "relates_to_product_reference": "Oracle-Linux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "fribidi-devel-0:1.0.2-1.el7_7.1.i686 as a component of Oracle Linux 7",
          "product_id": "Oracle-Linux-7:fribidi-devel-0:1.0.2-1.el7_7.1.i686"
        },
        "product_reference": "fribidi-devel-0:1.0.2-1.el7_7.1.i686",
        "relates_to_product_reference": "Oracle-Linux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "fribidi-devel-0:1.0.2-1.el7_7.1.tuxcare.els1.x86_64 as a component of Oracle Linux 7",
          "product_id": "Oracle-Linux-7:fribidi-devel-0:1.0.2-1.el7_7.1.tuxcare.els1.x86_64"
        },
        "product_reference": "fribidi-devel-0:1.0.2-1.el7_7.1.tuxcare.els1.x86_64",
        "relates_to_product_reference": "Oracle-Linux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "fribidi-devel-0:1.0.2-1.el7_7.1.x86_64 as a component of Oracle Linux 7",
          "product_id": "Oracle-Linux-7:fribidi-devel-0:1.0.2-1.el7_7.1.x86_64"
        },
        "product_reference": "fribidi-devel-0:1.0.2-1.el7_7.1.x86_64",
        "relates_to_product_reference": "Oracle-Linux-7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-25310",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "description",
          "text": "A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "known_affected": [
          "Oracle-Linux-7:fribidi-0:1.0.2-1.el7_7.1.i686",
          "Oracle-Linux-7:fribidi-0:1.0.2-1.el7_7.1.tuxcare.els1.i686",
          "Oracle-Linux-7:fribidi-0:1.0.2-1.el7_7.1.tuxcare.els1.x86_64",
          "Oracle-Linux-7:fribidi-0:1.0.2-1.el7_7.1.x86_64",
          "Oracle-Linux-7:fribidi-devel-0:1.0.2-1.el7_7.1.i686",
          "Oracle-Linux-7:fribidi-devel-0:1.0.2-1.el7_7.1.tuxcare.els1.i686",
          "Oracle-Linux-7:fribidi-devel-0:1.0.2-1.el7_7.1.tuxcare.els1.x86_64",
          "Oracle-Linux-7:fribidi-devel-0:1.0.2-1.el7_7.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2022-25310"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/cve/CVE-2022-25310",
          "url": "https://access.redhat.com/security/cve/CVE-2022-25310"
        },
        {
          "category": "external",
          "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2047923",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047923"
        },
        {
          "category": "external",
          "summary": "https://github.com/fribidi/fribidi/issues/183",
          "url": "https://github.com/fribidi/fribidi/issues/183"
        },
        {
          "category": "external",
          "summary": "https://github.com/fribidi/fribidi/pull/186",
          "url": "https://github.com/fribidi/fribidi/pull/186"
        }
      ],
      "release_date": "2022-09-06T18:15:00Z",
      "remediations": [
        {
          "category": "no_fix_planned",
          "date": "2026-06-12T13:07:21.139317Z",
          "details": "CVE-2022-25310 is a segmentation fault in the FriBidi bidirectional text processing library with a local attack vector (CVSS AV:L); it requires user interaction to process a crafted input and affects availability only, with no confidentiality or integrity impact. FriBidi is a client-side Unicode rendering component typically invoked by desktop/GUI or document-viewer software rather than by network-facing or privileged services, so any crash is contained to the calling process. Given the need for user action, the lack of a network attack vector, and the absence of code execution or privilege escalation, the practical risk to centrally managed server/VM workloads is minimal and this can be safely deprioritized.",
          "product_ids": [
            "Oracle-Linux-7:fribidi-0:1.0.2-1.el7_7.1.i686",
            "Oracle-Linux-7:fribidi-0:1.0.2-1.el7_7.1.tuxcare.els1.i686",
            "Oracle-Linux-7:fribidi-0:1.0.2-1.el7_7.1.tuxcare.els1.x86_64",
            "Oracle-Linux-7:fribidi-0:1.0.2-1.el7_7.1.x86_64",
            "Oracle-Linux-7:fribidi-devel-0:1.0.2-1.el7_7.1.i686",
            "Oracle-Linux-7:fribidi-devel-0:1.0.2-1.el7_7.1.tuxcare.els1.i686",
            "Oracle-Linux-7:fribidi-devel-0:1.0.2-1.el7_7.1.tuxcare.els1.x86_64",
            "Oracle-Linux-7:fribidi-devel-0:1.0.2-1.el7_7.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:fribidi-0:1.0.2-1.el7_7.1.i686",
            "Oracle-Linux-7:fribidi-0:1.0.2-1.el7_7.1.tuxcare.els1.i686",
            "Oracle-Linux-7:fribidi-0:1.0.2-1.el7_7.1.tuxcare.els1.x86_64",
            "Oracle-Linux-7:fribidi-0:1.0.2-1.el7_7.1.x86_64",
            "Oracle-Linux-7:fribidi-devel-0:1.0.2-1.el7_7.1.i686",
            "Oracle-Linux-7:fribidi-devel-0:1.0.2-1.el7_7.1.tuxcare.els1.i686",
            "Oracle-Linux-7:fribidi-devel-0:1.0.2-1.el7_7.1.tuxcare.els1.x86_64",
            "Oracle-Linux-7:fribidi-devel-0:1.0.2-1.el7_7.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    }
  ]
}