CVE-2022-25310 - Segmentation Fault Vulnerability in Fribidi Package Affecting fribidi_remove_bidi_marks() Function

A critical vulnerability has been uncovered in the Fribidi package, which is commonly used for implementing bidirectional text support in various applications. The flaw, assigned as CVE-2022-25310, is a segmentation fault (SEGV) in the fribidi_remove_bidi_marks() function located within the lib/fribidi.c file. In particular, this vulnerability can be exploited by an attacker by crafting a malicious file and passing it to Fribidi, resulting in a crash and a denial of service (DoS) attack.

Fribidi Package Overview

Fribidi is a widely used open-source library for supporting bi-directional text, particularly for languages using the Unicode character set. It assists in handling the complex rules regarding the visual display of right-to-left languages such as Arabic, Hebrew, Syriac, and others, while maintaining the correct display of left-to-right languages like English, Spanish, and others.

Technical Analysis of CVE-2022-25310

The vulnerability is a segmentation fault bug that occurs within the fribidi_remove_bidi_marks() function in the lib/fribidi.c file. When processing a specially crafted file by an attacker, the function encounters a NULL pointer dereference, which results in a segmentation fault, causing the application to crash and lead to a denial of service.

The code snippet in question

void
fribidi_remove_bidi_marks (
  /* input */
  FriBidiCharType *bidi_types,
  /* input and output */
  FriBidiStrIndex *len,
  FriBidiLevel *embedding_levels,
  /* output */
  FriBidiStrIndex *map)
{
  ...
  while (FRIBIDI_IS_EXPLICIT_OR_BIDI_MARK (bidi_types[res]))
    res++;
  ...
}

The crash occurs when the res variable is incremented, leading to access of an out-of-bounds index.

Exploit Details

An attacker can create a specially crafted file that contains carefully chosen bidi marks, which would cause the segmentation fault when processed by the affected Fribidi function. This can be achieved by including specific Unicode characters that Fribidi would treat as explicit bidi marks, forcing the NULL pointer dereference and crashing the application.

Mitigation and Patching

Fribidi developers have been made aware of this vulnerability, and a patch has been merged into the official repository to address the issue. It is strongly recommended that users update to the latest version of the Fribidi library to avoid being affected by this security flaw.

Original References

1. CVE-2022-25310: Vulnerability Details on Common Vulnerabilities and Exposures
2. Fribidi GitHub Repository: https://github.com/fribidi/fribidi
3. Fribidi Official Website: http://fribidi.org/
4. Official Fribidi Patch: https://github.com/fribidi/fribidi/pull/xxx (replace 'xxx' with the actual pull request number once it's available)

Conclusion

The discovered segmentation fault vulnerability (CVE-2022-25310) in the Fribidi package poses a significant risk to applications relying on the library for bidirectional text support. By exploiting this flaw, an attacker may cause denial of service attacks on affected systems by crashing the application. Therefore, users are urged to follow the recommended mitigation steps and apply the latest patches to protect their systems against this vulnerability.

Timeline

Published on: 09/06/2022 18:15:00 UTC
Last modified on: 09/09/2022 15:54:00 UTC