Denial-of-Service Vulnerability in VMware Workstation and Horizon Client for Windows via Cortado ThinPrint Component

CVE-2022-22938 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windows (5.x prior to 5.5.3) contains a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in TrueType font parser. A malicious actor with access to a virtual machine or remote desktop may exploit this issue to trigger a denial-of-service condition in the Thinprint service running on the host machine where VMware Workstation or Horizon Client for Windows is installed.

Learn more about our Cis Benchmark Audit For Desktop Software.