Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-35095
CVE-2022-35095:
NixOS vulnerability analysis and mitigation
Overview
SWFTools commit 772e55a2 was discovered to contain multiple heap-buffer overflow vulnerabilities. The vulnerability was identified in the pdf2swf component, which is used for converting PDF files to SWF format (GitHub Issue).
Technical details
The vulnerability manifests as multiple heap-buffer overflow conditions in different components of the pdf2swf tool. These include overflows in the DCTStream::readHuffSym function, GfxICCBasedColorSpace::getDefaultColor function, and the draw_stroke function. The issues occur when processing specially crafted PDF files (GitHub Issue).
Impact
The vulnerabilities could allow attackers to cause heap corruption through specially crafted PDF files, potentially leading to arbitrary code execution or denial of service conditions (GitHub Issue).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management