CVE-2022-1215

NameCVE-2022-1215
DescriptionA format string vulnerability was found in libinput
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libinput (PTS)buster1.12.6-2+deb10u1vulnerable
bullseye1.16.4-3vulnerable
bookworm, sid1.22.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libinputsourcestretch(not affected)
libinputsource(unstable)1.20.1-1

Notes

[bullseye] - libinput <no-dsa> (Minor issue)
[buster] - libinput <no-dsa> (Minor issue)
[stretch] - libinput <not-affected> (Vulnerable code introduced later)
https://www.openwall.com/lists/oss-security/2022/04/20/2
https://gitlab.freedesktop.org/libinput/libinput/-/commit/2a8b8fde90d63d48ce09ddae44142674bbca1c28
https://lists.x.org/archives/xorg-announce/2022-April/003159.html
Introduced by: https://gitlab.freedesktop.org/libinput/libinput/-/commit/d4b76be18b9bcbdb497de1040855d80972c3bbb2 (1.9.902 / 1.10 release)

Search for package or bug name: Reporting problems