Endpoint Vulnerability

CVE-2019-18397fribidi: buffer overflow in fribidi_get_par_embedding_levels_ex() in lib/fribidi-bidi.c leading to denial of service and possible code execution

Description

A heap-based buffer overflow vulnerability was found in GNU FriBidi, an implementation of the Unicode Bidirectional Algorithm (bidi). When the flaw is triggered it's possible to manipulate the heap contents, leading to memory corruption causing a denial of service and to arbitrary code execution. The highest threat from this flaw to both data and system availability.

Affected Products

fribidi

References

CVE-2019-18397,