CVE-2022-31782: 
Linux Debian vulnerability analysis and mitigation

A heap-based buffer overflow vulnerability was identified in FreeType Demo Programs through version 2.12.1, specifically in the ftbench.c component. The vulnerability was assigned CVE-2022-31782 and was disclosed on June 2, 2022. This security issue affects the FreeType demonstration programs package, which is a component of the broader FreeType software suite (MITRE CVE, Ubuntu Security).

The vulnerability has been assigned a CVSS 3.1 base score of 7.8 (High severity). The technical assessment indicates it is a local attack vector with low attack complexity, requiring no privileges but user interaction. The scope is unchanged, with high impacts on confidentiality, integrity, and availability. The complete vector string is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (Ubuntu Security).

The vulnerability can potentially lead to high impacts on system confidentiality, integrity, and availability when successfully exploited. As a heap-based buffer overflow, it could potentially allow attackers to execute arbitrary code or cause program crashes, though this is limited to the FreeType Demo Programs component (Ubuntu Security).

Several Linux distributions have released fixes for this vulnerability. Ubuntu has addressed the issue in multiple versions: Ubuntu 22.04 LTS (version 2.11.1+dfsg-1ubuntu0.1), Ubuntu 20.04 LTS (version 2.10.1-2ubuntu0.2), and Ubuntu 18.04 LTS (version 2.8.1-2ubuntu2.2). Debian has also fixed the vulnerability in bookworm (version 2.12.1+dfsg-5+deb12u3) and sid/trixie releases (Ubuntu Security, Debian Tracker).