CVE & CISA-KEV Catalog

CVE-2022-44638

HIGH
8.8
CVSS v3
NVD

Description

In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.

How to fix

Remediation Available
pixmanDebian
Fixed in:0.40.0-1.1~deb11u1CVE-2022-44638
Fixed in:0.40.0-1.1CVE-2022-44638
Fixed in:0.40.0-1.1CVE-2022-44638
Fixed in:0.40.0-1.1CVE-2022-44638
mingw-pixmanRed Hat / RHEL
Fixed in:0:0.42.2-3.el9RHSA-2024:2525
mingw-pixmanRocky
Fixed in:0:0.42.2-3.el9RHSA-2024:2525
mingw32-pixmanRocky
Fixed in:0:0.42.2-3.el9RHSA-2024:2525
mingw32-pixmanRed Hat / RHEL
Fixed in:0:0.42.2-3.el9RHSA-2024:2525
mingw32-pixman-debuginfoRed Hat / RHEL
Fixed in:0:0.42.2-3.el9RHSA-2024:2525
mingw32-pixman-debuginfoRocky
Fixed in:0:0.42.2-3.el9RHSA-2024:2525
mingw64-pixmanRed Hat / RHEL
Fixed in:0:0.42.2-3.el9RHSA-2024:2525
mingw64-pixmanRocky
Fixed in:0:0.42.2-3.el9RHSA-2024:2525
mingw64-pixman-debuginfoRocky
Fixed in:0:0.42.2-3.el9RHSA-2024:2525
mingw64-pixman-debuginfoRed Hat / RHEL
Fixed in:0:0.42.2-3.el9RHSA-2024:2525
pixmanRocky
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
pixmanRed Hat / RHEL
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
pixman-debuginfoRed Hat / RHEL
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
pixman-debuginfoRocky
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
pixman-debugsourceRocky
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
pixman-debugsourceRed Hat / RHEL
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
pixman-develRocky
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
pixman-develRed Hat / RHEL
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_8RHSA-2023:7531
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.38.4-3.el8_6RHSA-2023:7403
Fixed in:0:0.38.4-3.el8_9RHSA-2024:0131
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_2RHSA-2023:7375
Fixed in:0:0.40.0-6.el9_0RHSA-2023:7386
Fixed in:0:0.40.0-6.el9_3RHSA-2023:7754
libpixman-1-0Ubuntu
Fixed in:0.30.2-2ubuntu1.2+esm1USN-5718-2
Fixed in:0.33.6-1ubuntu0.1~esm1USN-5718-2
Fixed in:0.34.0-2ubuntu0.1USN-5718-1
Fixed in:0.38.4-0ubuntu2.1USN-5718-1
Fixed in:0.40.0-1ubuntu0.22.04.1USN-5718-1
Fixed in:0.40.0-1ubuntu0.22.10.1USN-5718-1
libpixman-1-devUbuntu
Fixed in:0.30.2-2ubuntu1.2+esm1USN-5718-2
Fixed in:0.33.6-1ubuntu0.1~esm1USN-5718-2
pixmanUbuntu
Fixed in:0.30.2-2ubuntu1.2+esm1USN-5718-2
Fixed in:0.33.6-1ubuntu0.1~esm1USN-5718-2
Fixed in:0.34.0-2ubuntu0.1USN-5718-1
Fixed in:0.38.4-0ubuntu2.1USN-5718-1
Fixed in:0.40.0-1ubuntu0.22.04.1USN-5718-1
Fixed in:0.40.0-1ubuntu0.22.10.1USN-5718-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploit Intelligence

1.44%probability of exploitation in 30 days
70thpercentile

Moderate risk: more likely to be exploited than 70% of all known CVEs.

References

Related Vulnerabilities

Other CWE-190 (Integer Overflow) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2020-16040Medium6.5100%-Fix
CVE-2019-11477High7.599%-Fix
CVE-2023-44443High7.894%-Fix
CVE-2014-0569High9.390%--
CVE-2017-3599High7.590%-Fix
CVE-2023-21716Critical9.882%-Fix
Embed a live status badge for CVE-2022-44638
CVE-2022-44638 severity badge

Markdown

[![CVE-2022-44638](https://tridentstack.com/cve/badge/CVE-2022-44638.svg)](https://tridentstack.com/cve/CVE-2022-44638)

HTML

<a href="https://tridentstack.com/cve/CVE-2022-44638"><img src="https://tridentstack.com/cve/badge/CVE-2022-44638.svg" alt="CVE-2022-44638"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-05-02.