Search for vulnerabilities
Vulnerability details: VCID-s516-n9vv-aqae
Vulnerability ID VCID-s516-n9vv-aqae
Aliases CVE-2022-29536
Summary In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-787 Out-of-bounds Write
System Score Found at
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00126 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00127 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00127 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00127 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00127 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00127 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00127 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00127 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00127 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00127 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
epss 0.00127 https://api.first.org/data/v1/epss?cve=CVE-2022-29536
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2022-29536
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29536
archlinux High https://security.archlinux.org/AVG-2684
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-29536
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29536
https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1106
https://lists.debian.org/debian-lts-announce/2022/08/msg00006.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLLDMY4JYDZTMZSCPSY23K5YW3SQYUR6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7YWVIUGFRA6GOE3QAPSJJ6EL3DJG5NX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5K5UPNHVWXDPSMBNSB2645MD2N5CXQS/
https://www.debian.org/security/2022/dsa-5208
1009959 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009959
AVG-2684 https://security.archlinux.org/AVG-2684
cpe:2.3:a:gnome:epiphany:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnome:epiphany:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
CVE-2022-29536 https://nvd.nist.gov/vuln/detail/CVE-2022-29536
USN-5561-1 https://usn.ubuntu.com/5561-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2022-29536
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-29536
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.32049
EPSS Score 0.00121
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:42:13.283519+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.17/community.json 37.0.0