CVE-2023-2004

Name
CVE-2023-2004
Description
An integer overflow vulnerability was discovered in Freetype in tt_hvadvance_adjust() function in src/truetype/ttgxvar.c.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://bugzilla.redhat.com/show_bug.cgi?id=2186428
MISC https://access.redhat.com/security/cve/CVE-2023-2004
MISC https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50462
MISC https://github.com/freetype/freetype/commit/e6fda039ad638866b7a6a5d046f03278ba1b7611
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDNGTGQAUZJ6YQDI2AVGYIFFPUMMZLKS/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRSEIYMPWLVPGTC34N2Q3WAUHGGOWSWP/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFZWDF43D73C5KWFF26GIIVZJKEFPS3K/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:* freetype >= None < 2.13.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
freetype 3.17-main 2.12.1-r0 Carlo Landmeter <clandmeter@alpinelinux.org> possibly vulnerable
freetype 3.16-main 2.12.1-r0 Carlo Landmeter <clandmeter@alpinelinux.org> possibly vulnerable
freetype 3.15-main 2.11.1-r2 Carlo Landmeter <clandmeter@alpinelinux.org> possibly vulnerable
freetype 3.14-main 2.10.4-r3 Carlo Landmeter <clandmeter@alpinelinux.org> possibly vulnerable