Headline
CVE-2023-2004: Invalid Bug ID
An integer overflow vulnerability was discovered in Freetype in tt_hvadvance_adjust() function in src/truetype/ttgxvar.c.
‘2186428?cve=title’ is not a valid bug number nor an alias to a bug.
Please press Back and try again.
Related news
Gentoo Linux Security Advisory 202402-6 - Multiple vulnerabilities have been discovered in FreeType, the worst of which can lead to remote code execution. Versions greater than or equal to 2.13.0 are affected.
Red Hat Security Advisory 2023-5745-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. Issues addressed include an integer overflow vulnerability.
Ubuntu Security Notice 6062-1 - It was discovered that FreeType incorrectly handled certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, or possibly execute arbitrary code.