Vulnerability in the Pixman library used for rendering in many open source projects

Pixman 0.42.2 has been published, a corrective release of the library used for low-level graphics rendering in many open source projects, including X.Org, Cairo, Firefox, and composite managers based on the Wayland protocol. The new version fixes a dangerous vulnerability (CVE-2022-44638) that leads to a buffer overflow when pixel data is processed with parameters that cause an integer overflow.

Researchers have published a prototype exploit demonstrating controlled writing of data outside the allocated buffer. Use of the vulnerability to execute the attacker's code is not ruled out. The publication of fixes by distributions can be tracked on their pages: Debian, RHEL, Fedora, SUSE, Ubuntu, Arch Linux, OpenBSD, FreeBSD, NetBSD.

Source: opennet.ru
