{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "6.1.0.26" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "3e7628741616716cce009017fc990c13399fc3bb" }, { "fixed": "b17d5e860f30e8be2caeb0022b63be4c76660178" } ], "repo": "https://github.com/onlyoffice/core", "type": "GIT" }, { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "6.0.0" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "adaf61fd7747896a13891142b9c131568f71825f" } ], "repo": "https://github.com/onlyoffice/documentserver", "type": "GIT" } ] } ], "details": "Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h.", "id": "CVE-2022-29777", "modified": "2026-03-13T21:50:30.432528135Z", "published": "2022-06-02T14:15:51.120Z", "references": [ { "type": "ADVISORY", "url": "https://github.com/ONLYOFFICE/DocumentServer/blob/master/CHANGELOG.md#601" }, { "type": "FIX", "url": "https://github.com/ONLYOFFICE/core/commit/b17d5e860f30e8be2caeb0022b63be4c76660178" }, { "type": "EVIDENCE", "url": "https://github.com/moehw/poc_exploits/tree/master/CVE-2022-29777" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }