Описание
An integer overflow vulnerability was discovered in Freetype in tt_hvadvance_adjust() function in src/truetype/ttgxvar.c.
An integer overflow vulnerability was discovered in Freetype in tt_hvadvance_adjust() function in src/truetype/ttgxvar.c.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-2004
- https://github.com/freetype/freetype/commit/e6fda039ad638866b7a6a5d046f03278ba1b7611
- https://access.redhat.com/security/cve/CVE-2023-2004
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50462
- https://bugzilla.redhat.com/show_bug.cgi?id=2186428
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDNGTGQAUZJ6YQDI2AVGYIFFPUMMZLKS
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFZWDF43D73C5KWFF26GIIVZJKEFPS3K
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRSEIYMPWLVPGTC34N2Q3WAUHGGOWSWP
Связанные уязвимости
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
An integer overflow vulnerability was discovered in Freetype in tt_hvadvance_adjust() function in src/truetype/ttgxvar.c. This flaw causes an application to crash or leads to a denial of service.
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
