Описание
texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted TTF file.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| texlive-bin | fixed | 2023.20230311.66589-9 | package | |
| texlive-bin | fixed | 2022.20220321.62855-5.1+deb12u2 | bookworm | package |
| texlive-bin | no-dsa | buster | package |
Примечания
https://tug.org/svn/texlive/trunk/Build/source/texk/ttfdump/ChangeLog?revision=69605&view=co
https://bugs.launchpad.net/ubuntu/+source/texlive-bin/+bug/2047912
https://github.com/TeX-Live/texlive-source/pull/63
EPSS
Связанные уязвимости
texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted TTF file.
texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted TTF file.
texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted TTF file.
Уязвимость функции ttfLoadHDMX:ttfdump компонента texlive-bin систем компьютерной верстки TeX Live, позволяющая нарушителю вызвать отказ в обслуживании
EPSS